Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950
Acknowledgments: Name: the Mozilla project Upstream: Cure53
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-29950