Mozilla Thunderbird client was saving OpenPGP keys in plaintext
The Mozilla Thunderbird email client was saving some users' OpenPGP keys in plaintext over the past few months. The vulnerability (CVE-2021-29956) affected Thunderbird versions 78.8.1 through 78.10.1.
Due to the vulnerability, imported OpenPGP keys were saved to users' devices without encryption. A local attacker could therefore have viewed and copied the keys, allowing them to pose as the genuine sender of supposedly secure emails.
The issue has been fixed in Thunderbird version 78.10.2.
Source: securitylab.ru
27 May 2021