Mozilla Thunderbird is vulnerable to a denial of service, caused by the inability to send encrypted OpenPGP email after importing a specially crafted OpenPGP key. By creating a specially crafted OpenPGP key with a subkey that has an invalid self signature, an attacker could exploit this vulnerability to cause the encryption to fail.
Mozilla Thunderbird could allow a remote attacker to bypass security restrictions, caused by the failure to check if the user ID associated with an OpenPGP key has a valid self signature. By either replacing the original user ID, or by adding another user ID, an attacker could exploit this vulnerability to create a specially crafted version of an OpenPGP key.
Mozilla Thunderbird 78.9.0
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.