{"api_version":"1","generated_at":"2026-04-23T00:42:05+00:00","cve":"CVE-2021-29957","urls":{"html":"https://cve.report/CVE-2021-29957","api":"https://cve.report/api/cve/CVE-2021-29957.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-29957","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-29957"},"summary":{"title":"CVE-2021-29957","description":"If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2021-06-24 14:15:00","updated_at":"2021-06-30 17:30:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1673241","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1673241","refsource":"MISC","tags":[],"title":"1673241 - (CVE-2021-29957) RNP-01-008 WP3 Thunderbird: Partially unencrypted email insufficiently detected (Low)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2021-22/","name":"https://www.mozilla.org/security/advisories/mfsa2021-22/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Thunderbird 78.10.2 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-29957","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29957","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"29957","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-29957","qid":"159247","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-2263)"},{"cve":"CVE-2021-29957","qid":"159248","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-2264)"},{"cve":"CVE-2021-29957","qid":"178653","title":"Debian Security Update for thunderbird (DSA 4927-1)"},{"cve":"CVE-2021-29957","qid":"178662","title":"Debian Security Update for thunderbird (DLA 2679-1)"},{"cve":"CVE-2021-29957","qid":"180342","title":"Debian Security Update for thunderbird (CVE-2021-29957)"},{"cve":"CVE-2021-29957","qid":"198415","title":"Ubuntu Security Notification for Thunderbird vulnerabilities (USN-4995-1)"},{"cve":"CVE-2021-29957","qid":"198424","title":"Ubuntu Security Notification for Thunderbird vulnerabilities (USN-4995-2)"},{"cve":"CVE-2021-29957","qid":"239360","title":"Red Hat Update for thunderbird (RHSA-2021:2264)"},{"cve":"CVE-2021-29957","qid":"239361","title":"Red Hat Update for thunderbird (RHSA-2021:2262)"},{"cve":"CVE-2021-29957","qid":"239416","title":"Red Hat Update for thunderbird (RHSA-2021:2263)"},{"cve":"CVE-2021-29957","qid":"239417","title":"Red Hat Update for thunderbird (RHSA-2021:2261)"},{"cve":"CVE-2021-29957","qid":"296053","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)"},{"cve":"CVE-2021-29957","qid":"352456","title":"Amazon Linux Security Advisory for thunderbird: ALAS2-2021-1681"},{"cve":"CVE-2021-29957","qid":"375578","title":"Mozilla Thunderbird Security Vulnerability (MFSA2021-22)"},{"cve":"CVE-2021-29957","qid":"502381","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-29957","qid":"503632","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-29957","qid":"503634","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-29957","qid":"503650","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-29957","qid":"503669","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-29957","qid":"506260","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-29957","qid":"750810","title":"OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:1854-1)"},{"cve":"CVE-2021-29957","qid":"940023","title":"AlmaLinux Security Update for thunderbird (ALSA-2021:2264)"},{"cve":"CVE-2021-29957","qid":"960045","title":"Rocky Linux Security Update for thunderbird (RLSA-2021:2264)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-29957","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Thunderbird","version":{"version_data":[{"version_value":"78.10.2","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Partial protection of inline OpenPGP message not indicated"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2021-22/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2021-22/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1673241","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1673241"}]},"description":{"description_data":[{"lang":"eng","value":"If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2."}]}},"nvd":{"publishedDate":"2021-06-24 14:15:00","lastModifiedDate":"2021-06-30 17:30:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"78.10.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"29957","Ordinal":"205188","Title":"CVE-2021-29957","CVE":"CVE-2021-29957","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"29957","Ordinal":"1","NoteData":"If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"29957","Ordinal":"2","NoteData":"2021-06-24","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"29957","Ordinal":"3","NoteData":"2021-06-24","Type":"Other","Title":"Modified"}]}}}