QID 352456
Date Published: 2021-07-02
QID 352456: Amazon Linux Security Advisory for thunderbird: ALAS2-2021-1681
<DIV ID="issue_overview"> openpgp secret keys that were imported using thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk.
The master password protection was inactive for those keys.
Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected thunderbird versions.
This vulnerability affects thunderbird < 78.10.2. (
cve-2021-29956 ) if a mime encoded email contains an openpgp inline signed or encrypted message part, but also contains an additional unprotected part, thunderbird did not indicate that only parts of the message are protected.
cve-2021-29957 ) mozilla developers reported memory safety bugs present in firefox 88 and firefox esr 78.11.
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
This vulnerability affects thunderbird < 78.11, firefox < 89, and firefox esr < 78.11. (
cve-2021-29967 ) </DIV>
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
- ALAS2-2021-1681 -
alas.aws.amazon.com/AL2/ALAS-2021-1681.html
CVEs related to QID 352456
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2021-1681 | Amazon Linux 2 |
alas.aws.amazon.com/AL2/ALAS-2021-1681.html |