Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state.
Name: the Mozilla project
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):