PT-2024-9993 · Mozilla+7 · Thunderbird+7

Magnus Melin +2 · Published 2024-11-12 · Updated 2025-07-18 · CVE-2024-11159

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 128.4.3; Thunderbird versions prior to 132.0.1
Description: The issue is related to the use of remote content in OpenPGP encrypted messages, which can lead to the disclosure of plaintext. This is due to insufficient protection of service data in the implementation of the OpenPGP email encryption standard in the Mozilla Thunderbird email client. An attacker can exploit this vulnerability to reveal protected information.
Recommendations: For Thunderbird versions prior to 128.4.3, update to version 128.4.3 or later. For Thunderbird versions prior to 132.0.1, update to version 132.0.1 or later. As a temporary workaround, consider avoiding the use of remote content in OpenPGP encrypted messages until a patch is available.

Fix

Missing Encryption of Sensitive Data

Side Channel Attack

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

ALSA-2024:10591
ALSA-2024:10592
ALT-PU-2024-16377
ALT-PU-2025-2027
BDU:2025-00116
CESA-2024_10591
CVE-2024-11159
DLA-3960-1
DSA-5814-1
INFSA-2024_10591
INFSA-2024_10592
MGASA-2024-0365
OESA-2025-1835
OPENSUSE-SU-2024:14497-1
OPENSUSE-SU-2024_4050-1
RHSA-2024:10591
RHSA-2024:10592
RHSA-2024:10667
RHSA-2024:10703
RHSA-2024:10704
RHSA-2024:10710
RHSA-2024:10733
RHSA-2024:10734
RHSA-2024:10748
RHSA-2024_10591
RHSA-2024_10592
RLSA-2024:10591
SUSE-SU-2024:4050-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Red Hat
Rocky Linux
Suse
Thunderbird