CVE-2021-29948

Summary

Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 78.10affected

Weaknesses

  • Race condition when reading from disk while verifying signatures

ADP Enrichment

CVE Program Container

Additional References

References