Severity
Medium
Analysis Summary
CVE-2021-23993
Mozilla Thunderbird is vulnerable to a denial of service, caused by the inability to send encrypted OpenPGP email after importing a specially crafted OpenPGP key. By creating a specially crafted OpenPGP key with a subkey that has an invalid self signature, an attacker could exploit this vulnerability to cause the encryption to fail.
CVE-2021-23992
Mozilla Thunderbird could allow a remote attacker to bypass security restrictions, caused by the failure to check if the user ID associated with an OpenPGP key has a valid self signature. By either replacing the original user ID, or by adding another user ID, an attacker could exploit this vulnerability to create a specially crafted version of an OpenPGP key.
Impact
- Denial of Service
- Bypass Security
Affected Vendors
Mozilla
Affected Products
Mozilla Thunderbird 78.9.0
Remediation
Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.