{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1327?format=json","vulnerability_id":"VCID-ab23-e5u8-ykck","summary":"Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file.","aliases":[{"alias":"CVE-2021-29948"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2418?format=json","purl":"pkg:alpm/archlinux/thunderbird@78.10.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@78.10.0-1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2417?format=json","purl":"pkg:alpm/archlinux/thunderbird@78.9.1-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5fw4-9nf9-h3d7"},{"vulnerability":"VCID-7ex1-ufcv-5yg8"},{"vulnerability":"VCID-7nqh-truu-7khb"},{"vulnerability":"VCID-ab23-e5u8-ykck"},{"vulnerability":"VCID-fhb3-5sbs-s7cq"},{"vulnerability":"VCID-ppcj-1ng5-53hq"},{"vulnerability":"VCID-zjej-aua1-abbc"},{"vulnerability":"VCID-zuvn-gw4m-47c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@78.9.1-3"}],"references":[{"reference_url":"https://security.archlinux.org/ASA-202104-4","reference_id":"ASA-202104-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-4"},{"reference_url":"https://security.archlinux.org/AVG-1836","reference_id":"AVG-1836","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1836"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14","reference_id":"mfsa2021-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ab23-e5u8-ykck"}