CVE-2021-43529
Summary
| CVE | CVE-2021-43529 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-02-16 22:15:00 UTC |
|---|
| Updated | 2023-02-28 13:55:00 UTC |
|---|
| Description | Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Application |
Mozilla |
Thunderbird |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| 1738501 - (CVE-2021-43529) Automatic S/MIME cert import should use additional verification using mozilla::pkix |
MISC |
bugzilla.mozilla.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178983 Debian Security Update for thunderbird (DSA 5034-1)
- 178986 Debian Security Update for thunderbird (DLA 2874-1)
- 183099 Debian Security Update for thunderbird (CVE-2021-43529)
- 710585 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-14)
- 960744 Rocky Linux Security Update for thunderbird (RLSA-2021:4130)
