Lucene search
HistoryMar 04, 2024 - 10:15 p.m.
CVE-2024-1936
cve-2024-1936
email security
thunderbird
encryption
confidential information leakage
vulnerability
nvd
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird’s local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
Affected configurations
Node
mozillathunderbirdRange≤115.8.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.8.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nessus
nessus
Fedora 38 : thunderbird (2024-325c1d1fce)
2024-03-13 00:00:00
Fedora 40 : thunderbird (2024-d8a0e599e2)
2024-04-29 00:00:00
amazon
amazon
Low: thunderbird
2024-03-13 20:26:00
redhatcve
redhatcve
CVE-2024-1936
2024-03-06 13:42:35
slackware
slackware
[slackware-security] mozilla-thunderbird
2024-03-05 21:23:09
prion
prion
Design/Logic Flaw
2024-03-04 22:15:00
kaspersky
kaspersky
KLA64752 OSI vulnerability in Mozilla Thunderbird
2024-03-04 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0054)
2024-03-12 00:00:00
Mozilla Thunderbird Security Update (mfsa_2024-11) - Mac OS X
2024-03-11 00:00:00
Slackware: Security Advisory (SSA:2024-065-01)
2024-03-06 00:00:00
cvelist
cvelist
CVE-2024-1936
2024-03-04 21:31:54
nvd
nvd
CVE-2024-1936
2024-03-04 22:15:46
mageia
mageia
Updated thunderbird packages fix security vulnerability and make improvements
2024-03-12 03:30:17
veracode
veracode
Sensitive Information Exposure
2024-03-10 02:43:19
debiancve
debiancve
CVE-2024-1936
2024-03-04 22:15:46
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 115.8.1 — Mozilla
2024-03-04 00:00:00
ubuntucve
ubuntucve
CVE-2024-1936
2024-03-04 00:00:00
redhat
redhat
(RHSA-2024:1500) Moderate: thunderbird security update
2024-03-25 18:46:38
(RHSA-2024:1499) Moderate: thunderbird security update
2024-03-25 18:34:00
(RHSA-2024:1498) Moderate: thunderbird security update
2024-03-25 18:33:53
oraclelinux
oraclelinux
thunderbird security update
2024-03-26 00:00:00
thunderbird security update
2024-03-26 00:00:00
thunderbird security update
2024-03-25 00:00:00
osv
osv
Moderate: thunderbird security update
2024-03-25 00:00:00
Moderate: thunderbird security update
2024-03-25 00:00:00
Moderate: thunderbird security update
2024-03-27 04:34:32
centos
centos
thunderbird security update
2024-04-03 14:01:39
rocky
rocky
thunderbird security update
2024-03-27 04:34:32
almalinux
almalinux
Moderate: thunderbird security update
2024-03-25 00:00:00
Moderate: thunderbird security update
2024-03-25 00:00:00
debian
debian
[SECURITY] [DLA 3769-1] thunderbird security update
2024-03-23 11:22:35
[SECURITY] [DSA 5644-1] thunderbird security update
2024-03-21 19:22:16
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2024-05-12 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2024-03-04 00:00:00