4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
35.2%
Thunderbird did not check if the user ID associated with an OpenPGP key has
a valid self signature. An attacker may create a crafted version of an
OpenPGP key, by either replacing the original user ID, or by adding another
user ID. If Thunderbird imports and accepts the crafted key, the
Thunderbird user may falsely conclude that the false user ID belongs to the
correspondent. This vulnerability affects Thunderbird < 78.9.1.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu0.18.04.2 | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu0.20.04.2 | UNKNOWN |
ubuntu | 20.10 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu0.20.10.2 | UNKNOWN |
ubuntu | 21.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu0.21.04.2 | UNKNOWN |
ubuntu | 21.10 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu2 | UNKNOWN |
ubuntu | 22.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu2 | UNKNOWN |
ubuntu | 22.10 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu2 | UNKNOWN |
ubuntu | 23.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu2 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2021-23992
nvd.nist.gov/vuln/detail/CVE-2021-23992
security-tracker.debian.org/tracker/CVE-2021-23992
ubuntu.com/security/notices/USN-4995-1
ubuntu.com/security/notices/USN-4995-2
www.cve.org/CVERecord?id=CVE-2021-23992
www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23992
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
35.2%