CVE-2021-23993: 
NixOS vulnerability analysis and mitigation

CVE-2021-23993 is a security vulnerability discovered in Mozilla Thunderbird's OpenPGP implementation that was disclosed and fixed in April 2021. The vulnerability affects Thunderbird's handling of OpenPGP keys and was patched in version 78.9.1. This moderate severity issue impacts the email encryption functionality of the Thunderbird mail client (Mozilla Advisory).

The vulnerability occurs when Thunderbird attempts to handle OpenPGP keys with invalid self-signatures. Specifically, if an OpenPGP key contains a subkey with an invalid self-signature, Thunderbird would attempt to use the invalid subkey for encryption, but the RNP (Recursive NetPGP) library would reject it, causing the encryption process to fail. The issue was assigned a moderate severity rating and was discovered by security researcher Neal Walfield (Mozilla Advisory).

The vulnerability enables a denial of service (DoS) attack that prevents users from sending encrypted emails to their correspondents. When exploited, the vulnerability causes encryption operations to fail, effectively blocking the user's ability to send encrypted communications to specific recipients (Mozilla Advisory).

The vulnerability was patched in Thunderbird version 78.9.1. Users are advised to update to this version or later to mitigate the issue. Red Hat also released security updates for affected versions of Thunderbird in their Enterprise Linux distributions (Red Hat Advisory).