Home > Vulnerability Database > CVE-2021-23991

Mend.io Vulnerability Database

CVE-2021-23991

Date: June 24, 2021

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.

Language: JS

Severity Score

6.8

Related Resources (9)

Url: https://security-tracker.debian.org/tracker/CVE-2021-23991

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-23991

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23991

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1673240

Url: https://github.com/mozilla/releases-comm-central/commit/0606e9f0005d4d8c720f0e637cbf5b11dfee8398

Url: https://access.redhat.com/security/cve/CVE-2021-23991

Url: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991

Url: https://www.mozilla.org/security/advisories/mfsa2021-13/

Url: https://www.mend.io/vulnerability-database/CVE-2021-23991

Severity Score

6.8

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-23991

Date: June 24, 2021

Language: JS

Severity Score

Related Resources (9)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?