Home

CVE-2021-29948

Description

Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.

Risk Information

Base Score
2.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.071

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Mozilla Thunderbird 78.9Windows
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac 78.10Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 78.9Mac
thunderbird security update(DSA-4897-1) thunderbird_78.10.0-1~deb10u1_i386.debLinux
thunderbird security update(DSA-4897-1) thunderbird_78.10.0-1~deb10u1_amd64.debLinux
(RHSA-2021:1350) thunderbird security update thunderbird-78.10.0-1.el7_9.x86_64.rpmLinux
(RHSA-2021:1353) thunderbird security update thunderbird-78.10.0-1.el8_3.x86_64.rpmLinux
(RHSA-2021:1353) thunderbird security update thunderbird-debugsource-78.10.0-1.el8_3.x86_64.rpmLinux
Mozilla Open Source mail and newsgroup client (USN-4995-1) thunderbird_78.11.0+build1-0ubuntu0.20.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4995-1) thunderbird_78.11.0+build1-0ubuntu0.20.10.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4995-1) thunderbird_78.11.0+build1-0ubuntu0.21.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4995-2) thunderbird_78.11.0+build1-0ubuntu0.18.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-4995-2) thunderbird_78.11.0+build1-0ubuntu0.18.04.2_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611807Mozilla Thunderbird For Mac (142.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234