Bugzilla – Bug 1185086
VUL-0: CVE-2021-29950: MozillaThunderbird: Logic issue potentially leaves key material unlocked
Last modified: 2021-07-10 22:19:41 UTC
rh#1951873 Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950 References: https://bugzilla.redhat.com/show_bug.cgi?id=1951873 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29950
CVE added after the fact, already fixed in relevant codestreams. Closing
SUSE-SU-2021:1854-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1185086,1185633,1186198,1186199 CVE References: CVE-2021-29950,CVE-2021-29951,CVE-2021-29956,CVE-2021-29957 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): MozillaThunderbird-78.10.2-8.27.1 SUSE Linux Enterprise Workstation Extension 15-SP2 (src): MozillaThunderbird-78.10.2-8.27.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1854-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1185086,1185633,1186198,1186199 CVE References: CVE-2021-29950,CVE-2021-29951,CVE-2021-29956,CVE-2021-29957 JIRA References: Sources used: openSUSE Leap 15.3 (src): MozillaThunderbird-78.10.2-8.27.1