Home > Vulnerability Database > CVE-2021-4126

Mend.io Vulnerability Database

CVE-2021-4126

Date: December 22, 2022

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting with Thunderbird version 91.4.1, only the signature that belongs to the top level MIME part will be considered for the displayed status. This vulnerability affects Thunderbird < 91.4.1.

Language: SCHEME

Severity Score

6.5

Related Resources (8)

Url: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-4126

Url: https://github.com/guix-mirror/guix/commit/06bd982923c572d00b0cfdaecbdeeceea1048e26

Url: https://www.mozilla.org/security/advisories/mfsa2021-55/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1732310

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4126

Url: https://security-tracker.debian.org/tracker/CVE-2021-4126

Url: https://www.mend.io/vulnerability-database/CVE-2021-4126

Severity Score

6.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4126

Date: December 22, 2022

Language: SCHEME

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?