Mozilla Thunderbird client saved OpenPGP keys in clear text

The issue was related to a bug in the RNP software library used in the Thunderbird client and Mozilla Firefox browser.
The free email client Mozilla Thunderbird has saved some users' OpenPGP keys in plain text for the past few months. The vulnerability (CVE-2021-29956) affected Thunderbird versions 78.8.1 to 78.10.1.

Due to the vulnerability, imported OpenPGP keys were stored on users' devices without encryption. This way, a local attacker could view and copy the keys and then impersonate the original sender of the supposedly protected emails.

A few weeks ago, some users of the desktop Thunderbird email client found that when they opened the program, they could view OpenPGP-encrypted emails without entering their master passwords. In Thunderbird, such messages should only be viewable after authentication.

Key handling processes have been rewritten to ensure their security. Prior to the code rewriting, the process for handling newly imported OpenPGP keys in Thunderbird was as follows:

  1. Importing a secret key into a temporary memory area;
  2. Unlock the key with a user-entered password;
  3. Copying the key in permanent storage;
  4. Protect your key with an OpenPGP Thunderbird automatic password;
  5. Save a new list of secret keys on the drive.
After rewriting, the order of action was changed, in particular the order of steps 3 and 4.
  1. Importing a secret key into a temporary memory area;
  2. Unlock the key with a user-entered password;
  3. Protect your key with an OpenPGP Thunderbird automatic password;
  4. Copying the key in permanent storage;
  5. Save a new list of secret keys on the drive.

“It was assumed that the protection of the private key in step 3 would be preserved when it was copied to another storage area ... the assumption was false,” explained Kai Engert, one of the Thunderbird team.

In fact, when the key was copied to persistent storage, the protection was disabled as a result of a bug in the RNP software library used in Thunderbird and the Mozilla Firefox browser to protect OpenPGP keys.

The issue has been fixed in Thunderbird version 78.10.2, and later versions of the mail client will check for unsecured keys in secring.gpg. If such keys are found, they will be converted to secure keys.