Thunderbird unprotects a secret OpenPGP key prior to...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Jun 24, 2021
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 29, 2023
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.
References