CVE-2024-11159
Published: 2024-11-13
Severity: Medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | thunderbird | < thunderbird 1:128.4.3esr-1~deb12u1 (bookworm) | thunderbird 1:128.4.3esr-1~deb12u1 (bookworm) |
| mozilla | firefox | — | — |
| mozilla | thunderbird | < 128.4.3 | 128.4.3 |
| mozilla | thunderbird | >= 0 < 1:128.4.3esr-1~deb11u1 | 1:128.4.3esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.3esr-1~deb12u1 | 1:128.4.3esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.3esr-1 | 1:128.4.3esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.4.3esr-1 | 1:128.4.3esr-1 |
| mozilla | thunderbird | >= 129.0 < 132.0.1 | 132.0.1 |
| mozilla | thunderbird | >= unspecified < 128.4.3 | 128.4.3 |
| mozilla | thunderbird | >= unspecified < 132.0.1 | 132.0.1 |
CVSS provenance
nvd: CVSS v3.1, 4.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
osv: 4.3 MEDIUM
Red Hat
thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message
vendor_redhat·2024-11-13·CVSS 4.3
CVE-2024-11159 [MEDIUM] CWE-200 thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
The Mozilla Foundation Security Advisory describes this flaw as:
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 7) - Out of support scope
Package: thunderbird-flatpak-container (Red Hat Enterprise Linux 9) - Affected
Debian
CVE-2024-11159: thunderbird - Using remote content in OpenPGP encrypted messages can lead to the disclosure of...
vendor_debian·2024·CVSS 4.3
CVE-2024-11159 [MEDIUM] CVE-2024-11159: thunderbird - Using remote content in OpenPGP encrypted messages can lead to the disclosure of...
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
Scope: local
bookworm: resolved (fixed in 1:128.4.3esr-1~deb12u1)
bullseye: resolved (fixed in 1:128.4.3esr-1~deb11u1)
forky: resolved (fixed in 1:128.4.3esr-1)
sid: resolved (fixed in 1:128.4.3esr-1)
trixie: resolved (fixed in 1:128.4.3esr-1)
Mozilla
Mozilla Foundation Security Advisory 2024-61: CVE-2024-11159
vendor_mozilla·CVSS 4.3
CVE-2024-11159 [MEDIUM] Mozilla Foundation Security Advisory 2024-61: CVE-2024-11159
Mozilla Foundation Security Advisory 2024-61
CVE: CVE-2024-11159
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.4.3
Mozilla
Mozilla Foundation Security Advisory 2024-62: CVE-2024-11159
vendor_mozilla·CVSS 4.3
CVE-2024-11159 [MEDIUM] Mozilla Foundation Security Advisory 2024-62: CVE-2024-11159
Mozilla Foundation Security Advisory 2024-62
CVE: CVE-2024-11159
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 132.0.1
OSV
CVE-2024-11159: Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext
osv·2024-11-13·CVSS 4.3
CVE-2024-11159 [MEDIUM] CVE-2024-11159: Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
GHSA
GHSA-jm4h-wwjv-4q5c: Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext
ghsa_unreviewed·2024-11-13
CVE-2024-11159 [MEDIUM] CWE-203 GHSA-jm4h-wwjv-4q5c: Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.