5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.11.0.
Security Fix(es):
firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)
firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)
firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)
firefox: Cross-origin responses could be distinguished between script and
non-script content-types (CVE-2024-4769)
firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)
firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and
Thunderbird 115.11 (CVE-2024-4777)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%