CVE-2024-11159: Cleartext Storage of Sensitive Info in Mozilla Thunderbird

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 71.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 13

Description

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (3 packages)

CVEListV5 | mozilla/thunderbird | unspecified | 128.4.3 | +1
NVD | mozilla/thunderbird | 129.0 | 132.0.1 | +1
Debian | mozilla/thunderbird | < 1:128.4.3esr-1~deb11u1 | +3

🔴 Vulnerability Details (3)

OSV
CVE-2024-11159: Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext (2024-11-13)
CVEList
CVE-2024-11159: Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext (2024-11-13)
GHSA
GHSA-jm4h-wwjv-4q5c: Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext (2024-11-13)

📋 Vendor Advisories (4)

Red Hat
thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (2024-11-13)
Debian
CVE-2024-11159: thunderbird - Using remote content in OpenPGP encrypted messages can lead to the disclosure of... (2024)
Mozilla
Mozilla Foundation Security Advisory 2024-61: CVE-2024-11159
Mozilla
Mozilla Foundation Security Advisory 2024-62: CVE-2024-11159