CVE-2021-29957
4.3
MEDIUM
CVSS 3.1
EPSS 0.22%
Description
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.
How to fix CVE-2021-29957
To remediate CVE-2021-29957, upgrade the affected package to one of the fixed versions listed below.
- Debian/thunderbird: upgrade to 1:78.10.2-1 or later
Is CVE-2021-29957 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:78.10.2-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |