https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29956 Menu Mozilla Download Firefox Firefox Privacy Notice Get a Firefox Account * Firefox Browsers Close Firefox Browsers menu + [log] Firefox for Desktop Get the not-for-profit-backed browser on Windows, Mac or Linux. + [log] Firefox for Android Get the customizable mobile browser for Android smartphones. + [log] Firefox for iOS Get the mobile browser for your iPhone or iPad. + [ico] Privacy Promise Learn how Firefox treats your data with respect. + Firefox Blog Read about new Firefox features and ways to stay safe online. + Release Notes Get the details on the latest Firefox updates. View all Firefox Browsers * Products Close Products menu + [log] Firefox Monitor See if your email has appeared in a company's data breach. + Facebook Container Help prevent Facebook from collecting your data outside their site. + [log] Pocket Save and discover the best stories from across the web. + Mozilla VPN Get protection beyond your browser, on all your devices. + Product Promise Learn how each Firefox product protects and respects your data. + [ico] Firefox Relay Sign up for new accounts without handing over your email address. + [ico] Firefox Private Network (beta) Protect your browser's connection to the internet. View all Products * Who We Are Close Who We Are menu + Mozilla Manifesto Learn about the values and principles that guide our mission. + Mozilla Foundation Meet the not-for-profit behind Firefox that stands for a better web. + Get involved Join the fight for a healthy internet. + Leadership Meet the team that's building technology for a better internet. + Careers Work for a mission-driven organization that makes people-first products. + Mozilla Blog Learn about Mozilla and the issues that matter to us. More About Mozilla * Innovation Close Innovation menu + Mozilla Hubs Gather in this interactive, online, multi-dimensional social space. + [log] Firefox Developer Edition Get the Firefox browser built just for developers. + MDN Web Docs Check out the home for web developer resources. + [log] Firefox Reality Explore the web with the Firefox browser for virtual reality. + [icon-commo] Common Voice Donate your voice so the future of the web can hear everyone. + WebAssembly Learn more about the new, low-level, assembly-like language. More Mozilla Innovation Menu * Mozilla Security Mozilla Security * Advisories * Known Vulnerabilities * Mozilla Security Blog * Security Bug Bounty Client Bug Bounty * Frequently Asked Questions * Hall of Fame Web Bug Bounty * Eligible Websites * Frequently Asked Questions * Hall of Fame Mozilla Foundation Security Advisory 2021-22 Security Vulnerabilities fixed in Thunderbird 78.10.2 Announced May 17, 2021 Impact low Products Thunderbird Fixed in + Thunderbird 78.10.2 #CVE-2021-29957: Partial protection of inline OpenPGP message not indicated Reporter Cure53 Impact low Description If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. References * Bug 1673241 #CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master password protection Reporter Participants on the Thunderbird E2EE Mailing List Impact low Description OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. References * Bug 1710290 Company * Mozilla Manifesto * Press Center * Corporate Blog * Careers * Contact * Donate Resources * Privacy Hub * Browser Comparison * Brand Standards Support * Product Help * File a Bug Developers * Developer Edition * Beta * Beta for Android * Nightly * Nightly for Android * Enterprise * Tools Follow @Mozilla * Twitter (@mozilla) * Instagram (@mozilla) Follow @Firefox * Twitter (@firefox) * Instagram (@firefox) * YouTube (@firefoxchannel) Mozilla * Website Privacy Notice * Cookies * Legal * Community Participation Guidelines Visit Mozilla Corporation's not-for-profit parent, the Mozilla Foundation. Portions of this content are (c)1998-2021 by individual mozilla.org contributors. Content available under a Creative Commons license. [set_hsts]