5.3
CVE-2024-11159
- EPSS 0.3%
- Veröffentlicht 13.11.2024 14:15:15
- Zuletzt bearbeitet 06.12.2024 20:15:23
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 128.4.3
Mozilla ≫ Thunderbird Version >= 129.0 < 132.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.214 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
https://bugzilla.mozilla.org/show_bug.cgi?id=1925929
https://www.mozilla.org/security/advisories/mfsa2024-61/
https://www.mozilla.org/security/advisories/mfsa2024-62/
https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html