Synopsis: Moderate: thunderbird security update
Advisory ID: SLSA-2021:1192-1
Issue Date: 2021-04-14
CVE Numbers: CVE-2021-23991
CVE-2021-23992
CVE-2021-23993
—
This update upgrades Thunderbird to version 78.9.1.
Security Fix(es):
* Mozilla: An attacker may use Thunderbird’s OpenPGP key refresh mechanism
to poison an existing key (CVE-2021-23991)
* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to
confuse the user (CVE-2021-23992)
* Mozilla: Inability to send encrypted OpenPGP email after importing a
crafted OpenPGP key (CVE-2021-23993)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
—
– Scientific Linux Development Team
