CVE-2024-11159 (GCVE-0-2024-11159)
Vulnerability from cvelistv5
Published
2024-11-13 13:42
Modified
2024-12-06 20:02
CWE
- Potential disclosure of plaintext in OpenPGP encrypted message
Summary
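Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1. (The NVD configuration embedded in the record below scopes the second range to versions from 129.0 up to, but not including, 132.0.1.)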
References
Impacted products
Vendor | Product | Version
---|---|---
Mozilla | Thunderbird | Version: unspecified < 128.4.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-11-20T11:02:41.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-11159", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T21:10:02.822498Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-06T20:02:31.681Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "128.4.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "132.0.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Several reporters" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. 
This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1." } ], "value": "Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1." } ], "problemTypes": [ { "descriptions": [ { "description": "Potential disclosure of plaintext in OpenPGP encrypted message", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-13T13:42:50.499Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925929" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-61/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-62/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-11159", "datePublished": "2024-11-13T13:42:50.499Z", "dateReserved": "2024-11-12T18:40:18.348Z", "dateUpdated": "2024-12-06T20:02:31.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-11159\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2024-11-13T14:15:15.330\",\"lastModified\":\"2024-12-06T20:15:23.937\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1.\"},{\"lang\":\"es\",\"value\":\"El uso de contenido remoto en mensajes cifrados con OpenPGP puede provocar la divulgaci\u00f3n de texto plano. 
Esta vulnerabilidad afecta a Thunderbird \u0026lt; 128.4.3 y Thunderbird \u0026lt; 132.0.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"128.4.3\",\"matchCriteriaId\":\"AFC5B426-F05D-4BC9-B70B-2B219990C5A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"129.0\",\"versionEndExcluding\":\"132.0.1\",\"matchCriteriaId\":\"7662AA1E-5DBA-4BFC-9127-48EAA8AFE5C0\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1925929\",\"source\":\"security@mozilla.or
g\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-61/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-62/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-11-20T11:02:41.682Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-11159\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-26T21:10:02.822498Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-312\", \"description\": \"CWE-312 Cleartext Storage of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-26T21:10:59.829Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Several reporters\"}], \"affected\": [{\"vendor\": \"Mozilla\", 
\"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"128.4.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"132.0.1\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1925929\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-61/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-62/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Potential disclosure of plaintext in OpenPGP encrypted message\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-11-13T13:42:50.499Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2024-11159\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-06T20:02:31.681Z\", \"dateReserved\": \"2024-11-12T18:40:18.348Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2024-11-13T13:42:50.499Z\", \"assignerShortName\": \"mozilla\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
rhsa-2024:10734
Vulnerability from csaf_redhat
Published
2024-12-03 06:35
Modified
2025-08-03 12:30
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the 
References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10734", "url": "https://access.redhat.com/errata/RHSA-2024:10734" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10734.json" } 
], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2025-08-03T12:30:39+00:00", "generator": { "date": "2025-08-03T12:30:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2024:10734", "initial_release_date": "2024-12-03T06:35:29+00:00", "revision_history": [ { "date": "2024-12-03T06:35:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-03T06:35:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-03T12:30:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product": { "name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product": { "name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product": { "name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_6.src", "product": { "name": "thunderbird-0:128.5.0-1.el8_6.src", "product_id": "thunderbird-0:128.5.0-1.el8_6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_6?arch=src" } } } ], "category": "architecture", 
"name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_6.x86_64", "product": { "name": "thunderbird-0:128.5.0-1.el8_6.x86_64", "product_id": "thunderbird-0:128.5.0-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_6.aarch64", "product": { "name": "thunderbird-0:128.5.0-1.el8_6.aarch64", "product_id": "thunderbird-0:128.5.0-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_6?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_6.ppc64le", "product": { "name": "thunderbird-0:128.5.0-1.el8_6.ppc64le", "product_id": "thunderbird-0:128.5.0-1.el8_6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_6?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_6?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_6?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_6.s390x", "product": { "name": "thunderbird-0:128.5.0-1.el8_6.s390x", "product_id": "thunderbird-0:128.5.0-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", 
"product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_6?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src" }, "product_reference": "thunderbird-0:128.5.0-1.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": 
"thunderbird-0:128.5.0-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le" }, "product_reference": "thunderbird-0:128.5.0-1.el8_6.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x" }, "product_reference": "thunderbird-0:128.5.0-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src" }, "product_reference": "thunderbird-0:128.5.0-1.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": 
"AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S 
(v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src" }, "product_reference": "thunderbird-0:128.5.0-1.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": 
"AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2325896" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", 
"AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "RHBZ#2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159" }, { 
"category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159" } ], "release_date": "2024-11-13T13:42:50.499000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T06:35:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, 
"url": "https://access.redhat.com/errata/RHSA-2024:10734" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thunderbird: Potential 
disclosure of plaintext in OpenPGP encrypted message" }, { "cve": "CVE-2024-11692", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:14.897051+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328946" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Select list elements could be shown over another site", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", 
"AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11692" }, { "category": "external", "summary": "RHBZ#2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": 
"external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:56.656000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T06:35:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2024:10734" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Select list 
elements could be shown over another site" }, { "cve": "CVE-2024-11694", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-11-26T14:01:43.613834+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328941" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: Enhanced Tracking Protection\u0027s Strict mode may inadvertently allow a CSP `frame-src` bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames masquerading as legitimate content.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", 
"AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11694" }, { "category": "external", "summary": "RHBZ#2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:57.989000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T06:35:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", 
"AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10734" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", 
"AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims" }, { "cve": "CVE-2024-11695", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:23.105376+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328948" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", 
"AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11695" }, { "category": "external", "summary": "RHBZ#2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": 
"https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:58.459000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T06:35:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", 
"AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10734" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", 
"AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters" }, { "cve": "CVE-2024-11696", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-11-26T14:02:04.025632+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328943" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: The application can fail to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may be bypassed. 
Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", 
"AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11696" }, { "category": "external", "summary": "RHBZ#2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.172000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T06:35:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10734" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ 
"AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification" }, { "cve": "CVE-2024-11697", "cwe": { "id": "CWE-356", "name": "Product UI does not Warn User of Unsafe Actions" }, "discovery_date": "2024-11-26T14:02:44.775492+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328950" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. 
The Mozilla Foundation\u0027s Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", 
"AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11697" }, { "category": "external", "summary": "RHBZ#2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.551000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T06:35:29+00:00", "details": "For details on how to apply this update, which includes the 
changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10734" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog" }, { "cve": "CVE-2024-11699", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2024-11-26T14:02:18.948638+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328947" } ], "notes": [ { "category": "description", "text": 
"A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.\u200b", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", 
"AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11699" }, { "category": "external", "summary": "RHBZ#2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": 
"2024-11-26T13:34:02.646000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T06:35:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10734" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.AUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.E4S:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.s390x", "AppStream-8.6.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.src", "AppStream-8.6.0.Z.TUS:thunderbird-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5" } ] }
rhsa-2024:10592
Vulnerability from csaf_redhat
Published
2024-12-02 01:28
Modified
2025-08-03 12:30
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International 
License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10592", "url": "https://access.redhat.com/errata/RHSA-2024:10592" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10592.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2025-08-03T12:30:33+00:00", "generator": { "date": 
"2025-08-03T12:30:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2024:10592", "initial_release_date": "2024-12-02T01:28:14+00:00", "revision_history": [ { "date": "2024-12-02T01:28:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-02T01:28:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-03T12:30:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_5.src", "product": { "name": "thunderbird-0:128.5.0-1.el9_5.src", "product_id": "thunderbird-0:128.5.0-1.el9_5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_5.aarch64", "product": { "name": "thunderbird-0:128.5.0-1.el9_5.aarch64", "product_id": "thunderbird-0:128.5.0-1.el9_5.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_5?arch=aarch64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_5?arch=aarch64" } } }, { "category": "product_version", "name": 
"thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_5?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_5.ppc64le", "product": { "name": "thunderbird-0:128.5.0-1.el9_5.ppc64le", "product_id": "thunderbird-0:128.5.0-1.el9_5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_5?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_5?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_5?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_5.x86_64", "product": { "name": "thunderbird-0:128.5.0-1.el9_5.x86_64", "product_id": "thunderbird-0:128.5.0-1.el9_5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_5?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_5?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_5.s390x", "product": { "name": "thunderbird-0:128.5.0-1.el9_5.s390x", "product_id": "thunderbird-0:128.5.0-1.el9_5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_5?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_5?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_5?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64" }, "product_reference": "thunderbird-0:128.5.0-1.el9_5.aarch64", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le" }, "product_reference": "thunderbird-0:128.5.0-1.el9_5.ppc64le", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x" }, "product_reference": "thunderbird-0:128.5.0-1.el9_5.s390x", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_5.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src" }, "product_reference": "thunderbird-0:128.5.0-1.el9_5.src", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el9_5.x86_64", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2325896" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "RHBZ#2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159" } ], "release_date": "2024-11-13T13:42:50.499000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:28:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10592" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } 
], "title": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message" }, { "cve": "CVE-2024-11692", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:14.897051+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328946" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Select list elements could be shown over another site", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11692" }, { "category": "external", "summary": "RHBZ#2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:56.656000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:28:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ 
"AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10592" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Select list elements could be shown over another site" }, { "cve": "CVE-2024-11694", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-11-26T14:01:43.613834+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328941" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: Enhanced Tracking Protection\u0027s Strict mode may inadvertently allow a CSP `frame-src` bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. 
This issue could expose users to malicious frames masquerading as legitimate content.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11694" }, { "category": "external", "summary": "RHBZ#2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:57.989000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:28:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10592" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], 
"title": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims" }, { "cve": "CVE-2024-11695", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:23.105376+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328948" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11695" }, { "category": "external", "summary": "RHBZ#2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:58.459000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:28:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ 
"AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10592" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters" }, { "cve": "CVE-2024-11696", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-11-26T14:02:04.025632+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328943" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: The application can fail to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may be bypassed. 
Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11696" }, { "category": "external", "summary": "RHBZ#2328943", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.172000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:28:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10592" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Unhandled Exception in Add-on Signature 
Verification" }, { "cve": "CVE-2024-11697", "cwe": { "id": "CWE-356", "name": "Product UI does not Warn User of Unsafe Actions" }, "discovery_date": "2024-11-26T14:02:44.775492+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328950" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11697" }, { "category": "external", "summary": "RHBZ#2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.551000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:28:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", 
"AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10592" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", 
"AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog" }, { "cve": "CVE-2024-11699", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2024-11-26T14:02:18.948638+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328947" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.\u200b", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", 
"AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11699" }, { "category": "external", "summary": "RHBZ#2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:34:02.646000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:28:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10592" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ 
"AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.src", "AppStream-9.5.0.Z.MAIN:thunderbird-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debuginfo-0:128.5.0-1.el9_5.x86_64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.aarch64", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.ppc64le", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.s390x", "AppStream-9.5.0.Z.MAIN:thunderbird-debugsource-0:128.5.0-1.el9_5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5" } ] }
rhsa-2024:10667
Vulnerability from csaf_redhat
Published
2024-12-02 11:44
Modified
2025-08-03 12:30
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons 
Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10667", "url": "https://access.redhat.com/errata/RHSA-2024:10667" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10667.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2025-08-03T12:30:56+00:00", 
"generator": { "date": "2025-08-03T12:30:56+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2024:10667", "initial_release_date": "2024-12-02T11:44:43+00:00", "revision_history": [ { "date": "2024-12-02T11:44:43+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-02T11:44:43+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-03T12:30:56+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_2.src", "product": { "name": "thunderbird-0:128.5.0-1.el9_2.src", "product_id": "thunderbird-0:128.5.0-1.el9_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_2.aarch64", "product": { "name": "thunderbird-0:128.5.0-1.el9_2.aarch64", "product_id": "thunderbird-0:128.5.0-1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_2?arch=aarch64" } } }, { "category": 
"product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_2?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_2.ppc64le", "product": { "name": "thunderbird-0:128.5.0-1.el9_2.ppc64le", "product_id": "thunderbird-0:128.5.0-1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_2.x86_64", "product": { "name": "thunderbird-0:128.5.0-1.el9_2.x86_64", "product_id": "thunderbird-0:128.5.0-1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64", "product_id": 
"thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_2.s390x", "product": { "name": "thunderbird-0:128.5.0-1.el9_2.s390x", "product_id": "thunderbird-0:128.5.0-1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64" }, "product_reference": "thunderbird-0:128.5.0-1.el9_2.aarch64", 
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le" }, "product_reference": "thunderbird-0:128.5.0-1.el9_2.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x" }, "product_reference": "thunderbird-0:128.5.0-1.el9_2.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src" }, "product_reference": "thunderbird-0:128.5.0-1.el9_2.src", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el9_2.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", 
"full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { 
"category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", "product_id": "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2325896" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "RHBZ#2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159" } ], "release_date": "2024-11-13T13:42:50.499000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T11:44:43+00:00", 
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10667" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", 
"AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message" }, { "cve": "CVE-2024-11692", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:14.897051+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328946" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. 
The Mozilla Foundation\u0027s Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Select list elements could be shown over another site", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11692" }, { "category": "external", "summary": "RHBZ#2328946", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:56.656000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T11:44:43+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", 
"AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10667" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Select list elements could be shown over another site" }, { 
"cve": "CVE-2024-11694", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-11-26T14:01:43.613834+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328941" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory describes the following issue: Enhanced Tracking Protection\u0027s Strict mode may inadvertently allow a CSP `frame-src` bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames masquerading as legitimate content.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", 
"AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11694" }, { "category": "external", "summary": "RHBZ#2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:57.989000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T11:44:43+00:00", "details": "For details on 
how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10667" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", 
"AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims" }, { "cve": "CVE-2024-11695", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:23.105376+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328948" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. 
The Mozilla Foundation\u0027s Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11695" }, { "category": "external", "summary": 
"RHBZ#2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:58.459000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T11:44:43+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", 
"AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10667" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace 
Characters" }, { "cve": "CVE-2024-11696", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-11-26T14:02:04.025632+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328943" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory describes the following issue: The application can fail to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may be bypassed. Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", 
"AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11696" }, { "category": "external", "summary": "RHBZ#2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.172000+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2024-12-02T11:44:43+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10667" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", 
"AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification" }, { "cve": "CVE-2024-11697", "cwe": { "id": "CWE-356", "name": "Product UI does not Warn User of Unsafe Actions" }, "discovery_date": "2024-11-26T14:02:44.775492+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328950" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. 
This could have led to malicious code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11697" }, { "category": "external", "summary": "RHBZ#2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.551000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T11:44:43+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", 
"AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10667" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog" }, { "cve": "CVE-2024-11699", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer 
Overflow\u0027)" }, "discovery_date": "2024-11-26T14:02:18.948638+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328947" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.\u200b", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", 
"AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11699" }, { "category": "external", "summary": "RHBZ#2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:34:02.646000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T11:44:43+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", 
"AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10667" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.src", "AppStream-9.2.0.Z.EUS:thunderbird-0:128.5.0-1.el9_2.x86_64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_2.x86_64", 
"AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.aarch64", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.ppc64le", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.s390x", "AppStream-9.2.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5" } ] }
rhsa-2024:10710
Vulnerability from csaf_redhat
Published
2024-12-02 19:01
Modified
2025-08-03 12:30
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons 
Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10710", "url": "https://access.redhat.com/errata/RHSA-2024:10710" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10710.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2025-08-03T12:30:27+00:00", 
"generator": { "date": "2025-08-03T12:30:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2024:10710", "initial_release_date": "2024-12-02T19:01:48+00:00", "revision_history": [ { "date": "2024-12-02T19:01:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-02T19:01:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-03T12:30:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_8.src", "product": { "name": "thunderbird-0:128.5.0-1.el8_8.src", "product_id": "thunderbird-0:128.5.0-1.el8_8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_8.aarch64", "product": { "name": "thunderbird-0:128.5.0-1.el8_8.aarch64", "product_id": "thunderbird-0:128.5.0-1.el8_8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_8?arch=aarch64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_8?arch=aarch64" } } }, { "category": 
"product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_8.ppc64le", "product": { "name": "thunderbird-0:128.5.0-1.el8_8.ppc64le", "product_id": "thunderbird-0:128.5.0-1.el8_8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_8?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_8?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_8.x86_64", "product": { "name": "thunderbird-0:128.5.0-1.el8_8.x86_64", "product_id": "thunderbird-0:128.5.0-1.el8_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_8?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64", "product_id": 
"thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_8?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_8.s390x", "product": { "name": "thunderbird-0:128.5.0-1.el8_8.s390x", "product_id": "thunderbird-0:128.5.0-1.el8_8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_8?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_8?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_8.aarch64", 
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le" }, "product_reference": "thunderbird-0:128.5.0-1.el8_8.ppc64le", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x" }, "product_reference": "thunderbird-0:128.5.0-1.el8_8.s390x", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src" }, "product_reference": "thunderbird-0:128.5.0-1.el8_8.src", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_8.x86_64", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", 
"full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { 
"category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64", "relates_to_product_reference": "AppStream-8.8.0.Z.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2325896" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "RHBZ#2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159" } ], "release_date": "2024-11-13T13:42:50.499000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T19:01:48+00:00", 
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10710" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", 
"AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message" }, { "cve": "CVE-2024-11692", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:14.897051+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328946" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. 
The Mozilla Foundation\u0027s Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Select list elements could be shown over another site", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11692" }, { "category": "external", "summary": "RHBZ#2328946", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:56.656000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T19:01:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", 
"AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10710" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Select list elements could be shown over another site" }, { 
"cve": "CVE-2024-11694", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-11-26T14:01:43.613834+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328941" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: Enhanced Tracking Protection\u0027s Strict mode may inadvertently allow a CSP `frame-src` bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames masquerading as legitimate content.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", 
"AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11694" }, { "category": "external", "summary": "RHBZ#2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:57.989000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T19:01:48+00:00", "details": "For details on 
how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10710" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", 
"AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims" }, { "cve": "CVE-2024-11695", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:23.105376+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328948" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. 
The Mozilla Foundation\u0027s Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11695" }, { "category": "external", "summary": 
"RHBZ#2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:58.459000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T19:01:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", 
"AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10710" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace 
Characters" }, { "cve": "CVE-2024-11696", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-11-26T14:02:04.025632+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328943" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: The application can fail to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may be bypassed. Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", 
"AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11696" }, { "category": "external", "summary": "RHBZ#2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.172000+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2024-12-02T19:01:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10710" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", 
"AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification" }, { "cve": "CVE-2024-11697", "cwe": { "id": "CWE-356", "name": "Product UI does not Warn User of Unsafe Actions" }, "discovery_date": "2024-11-26T14:02:44.775492+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328950" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. 
This could have led to malicious code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11697" }, { "category": "external", "summary": "RHBZ#2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.551000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T19:01:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", 
"AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10710" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog" }, { "cve": "CVE-2024-11699", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer 
Overflow\u0027)" }, "discovery_date": "2024-11-26T14:02:18.948638+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328947" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.\u200b", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", 
"AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11699" }, { "category": "external", "summary": "RHBZ#2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:34:02.646000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T19:01:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", 
"AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10710" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.src", "AppStream-8.8.0.Z.EUS:thunderbird-0:128.5.0-1.el8_8.x86_64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_8.x86_64", 
"AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.aarch64", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.ppc64le", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.s390x", "AppStream-8.8.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el8_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5" } ] }
rhsa-2024:10733
Vulnerability from csaf_redhat
Published
2024-12-03 01:47
Modified
2025-08-03 12:30
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
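Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Important is the advisory's aggregate severity; each CVE in the record below also carries its own impact rating, which is a separate measure from its CVSS base score and need not line up with it (CVE-2024-11159 is listed with a base score of 4.3 and an impact of Important, CVE-2024-11692 with 5.4 and Moderate).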
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the 
References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10733", "url": "https://access.redhat.com/errata/RHSA-2024:10733" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10733.json" } 
], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2025-08-03T12:30:51+00:00", "generator": { "date": "2025-08-03T12:30:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2024:10733", "initial_release_date": "2024-12-03T01:47:24+00:00", "revision_history": [ { "date": "2024-12-03T01:47:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-03T01:47:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-03T12:30:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product": { "name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)", "product": { "name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)", "product_id": "AppStream-8.4.0.Z.E4S", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)", "product": { "name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.TUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_4.src", "product": { "name": "thunderbird-0:128.5.0-1.el8_4.src", "product_id": "thunderbird-0:128.5.0-1.el8_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_4?arch=src" } } } ], "category": "architecture", 
"name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_4.x86_64", "product": { "name": "thunderbird-0:128.5.0-1.el8_4.x86_64", "product_id": "thunderbird-0:128.5.0-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_4.ppc64le", "product": { "name": "thunderbird-0:128.5.0-1.el8_4.ppc64le", "product_id": "thunderbird-0:128.5.0-1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_4?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src" }, "product_reference": "thunderbird-0:128.5.0-1.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", "product_id": 
"AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le" }, "product_reference": "thunderbird-0:128.5.0-1.el8_4.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", "product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src" }, "product_reference": "thunderbird-0:128.5.0-1.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", "product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", "product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", "product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", "product_id": 
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", "product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src" }, "product_reference": "thunderbird-0:128.5.0-1.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", "product_id": 
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.TUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2325896" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", 
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "RHBZ#2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159" } ], "release_date": "2024-11-13T13:42:50.499000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T01:47:24+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", 
"AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10733" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", 
"AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message" }, { "cve": "CVE-2024-11692", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:14.897051+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328946" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Select list elements could be shown over another site", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", 
"AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11692" }, { "category": "external", "summary": "RHBZ#2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:56.656000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T01:47:24+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10733" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", 
"AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Select list elements could be shown over another site" }, { "cve": "CVE-2024-11694", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-11-26T14:01:43.613834+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328941" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: Enhanced Tracking Protection\u0027s Strict mode may inadvertently allow a CSP `frame-src` bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. 
This issue could expose users to malicious frames masquerading as legitimate content.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11694" }, { "category": "external", "summary": "RHBZ#2328941", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:57.989000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T01:47:24+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", 
"AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10733" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", 
"AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims" }, { "cve": "CVE-2024-11695", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:23.105376+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328948" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", 
"AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11695" }, { "category": "external", "summary": "RHBZ#2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:58.459000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T01:47:24+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10733" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", 
"AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters" }, { "cve": "CVE-2024-11696", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-11-26T14:02:04.025632+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328943" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: The application can fail to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may be bypassed. 
Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2024-11696" }, { "category": "external", "summary": "RHBZ#2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.172000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T01:47:24+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", 
"AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10733" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", 
"AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification" }, { "cve": "CVE-2024-11697", "cwe": { "id": "CWE-356", "name": "Product UI does not Warn User of Unsafe Actions" }, "discovery_date": "2024-11-26T14:02:44.775492+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328950" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", 
"AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11697" }, { "category": "external", "summary": "RHBZ#2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.551000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T01:47:24+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10733" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", 
"AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog" }, { "cve": "CVE-2024-11699", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2024-11-26T14:02:18.948638+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328947" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. 
Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2024-11699" }, { "category": "external", "summary": "RHBZ#2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:34:02.646000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T01:47:24+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", 
"AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10733" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.src", 
"AppStream-8.4.0.Z.TUS:thunderbird-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:128.5.0-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:128.5.0-1.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5" } ] }
rhsa-2024:10748
Vulnerability from csaf_redhat
Published
2024-12-03 12:26
Modified
2025-08-03 12:31
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons 
Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10748", "url": "https://access.redhat.com/errata/RHSA-2024:10748" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10748.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2025-08-03T12:31:04+00:00", 
"generator": { "date": "2025-08-03T12:31:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2024:10748", "initial_release_date": "2024-12-03T12:26:25+00:00", "revision_history": [ { "date": "2024-12-03T12:26:25+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-03T12:26:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-03T12:31:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_4.src", "product": { "name": "thunderbird-0:128.5.0-1.el9_4.src", "product_id": "thunderbird-0:128.5.0-1.el9_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_4?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_4.aarch64", "product": { "name": "thunderbird-0:128.5.0-1.el9_4.aarch64", "product_id": "thunderbird-0:128.5.0-1.el9_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_4?arch=aarch64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_4?arch=aarch64" } } }, { "category": 
"product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_4?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_4.ppc64le", "product": { "name": "thunderbird-0:128.5.0-1.el9_4.ppc64le", "product_id": "thunderbird-0:128.5.0-1.el9_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_4?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_4?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_4?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_4.x86_64", "product": { "name": "thunderbird-0:128.5.0-1.el9_4.x86_64", "product_id": "thunderbird-0:128.5.0-1.el9_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_4?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64", "product_id": 
"thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_4?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_4.s390x", "product": { "name": "thunderbird-0:128.5.0-1.el9_4.s390x", "product_id": "thunderbird-0:128.5.0-1.el9_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_4?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_4?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_4?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64" }, "product_reference": "thunderbird-0:128.5.0-1.el9_4.aarch64", 
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le" }, "product_reference": "thunderbird-0:128.5.0-1.el9_4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x" }, "product_reference": "thunderbird-0:128.5.0-1.el9_4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src" }, "product_reference": "thunderbird-0:128.5.0-1.el9_4.src", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el9_4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", 
"full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { 
"category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2325896" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "RHBZ#2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159" } ], "release_date": "2024-11-13T13:42:50.499000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T12:26:25+00:00", 
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10748" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", 
"AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message" }, { "cve": "CVE-2024-11692", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:14.897051+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328946" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. 
The Mozilla Foundation\u0027s Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Select list elements could be shown over another site", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11692" }, { "category": "external", "summary": "RHBZ#2328946", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:56.656000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T12:26:25+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", 
"AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10748" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Select list elements could be shown over another site" }, { 
"cve": "CVE-2024-11694", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-11-26T14:01:43.613834+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328941" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: Enhanced Tracking Protection\u0027s Strict mode may inadvertently allow a CSP `frame-src` bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames masquerading as legitimate content.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", 
"AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11694" }, { "category": "external", "summary": "RHBZ#2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:57.989000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T12:26:25+00:00", "details": "For details on 
how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10748" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", 
"AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims" }, { "cve": "CVE-2024-11695", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:23.105376+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328948" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. 
The Mozilla Foundation\u0027s Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11695" }, { "category": "external", "summary": 
"RHBZ#2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:58.459000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T12:26:25+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", 
"AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10748" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace 
Characters" }, { "cve": "CVE-2024-11696", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-11-26T14:02:04.025632+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328943" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: The application can fail to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may be bypassed. Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", 
"AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11696" }, { "category": "external", "summary": "RHBZ#2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.172000+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2024-12-03T12:26:25+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10748" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", 
"AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification" }, { "cve": "CVE-2024-11697", "cwe": { "id": "CWE-356", "name": "Product UI does not Warn User of Unsafe Actions" }, "discovery_date": "2024-11-26T14:02:44.775492+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328950" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. 
This could have led to malicious code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11697" }, { "category": "external", "summary": "RHBZ#2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.551000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T12:26:25+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", 
"AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10748" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog" }, { "cve": "CVE-2024-11699", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer 
Overflow\u0027)" }, "discovery_date": "2024-11-26T14:02:18.948638+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328947" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.\u200b", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", 
"AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11699" }, { "category": "external", "summary": "RHBZ#2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:34:02.646000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-03T12:26:25+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", 
"AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10748" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.src", "AppStream-9.4.0.Z.EUS:thunderbird-0:128.5.0-1.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debuginfo-0:128.5.0-1.el9_4.x86_64", 
"AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.s390x", "AppStream-9.4.0.Z.EUS:thunderbird-debugsource-0:128.5.0-1.el9_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5" } ] }
rhsa-2024:10703
Vulnerability from csaf_redhat
Published
2024-12-02 17:16
Modified
2025-08-21 03:02
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons 
Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10703", "url": "https://access.redhat.com/errata/RHSA-2024:10703" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10703.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2025-08-21T03:02:12+00:00", 
"generator": { "date": "2025-08-21T03:02:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2024:10703", "initial_release_date": "2024-12-02T17:16:23+00:00", "revision_history": [ { "date": "2024-12-02T17:16:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-02T17:16:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-21T03:02:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product": { "name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_0.src", "product": { "name": "thunderbird-0:128.5.0-1.el9_0.src", "product_id": "thunderbird-0:128.5.0-1.el9_0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_0?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_0.aarch64", "product": { "name": "thunderbird-0:128.5.0-1.el9_0.aarch64", "product_id": "thunderbird-0:128.5.0-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_0?arch=aarch64" } } }, { "category": 
"product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_0?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_0.ppc64le", "product": { "name": "thunderbird-0:128.5.0-1.el9_0.ppc64le", "product_id": "thunderbird-0:128.5.0-1.el9_0.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_0?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_0?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_0?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_0.x86_64", "product": { "name": "thunderbird-0:128.5.0-1.el9_0.x86_64", "product_id": "thunderbird-0:128.5.0-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64", "product_id": 
"thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_0?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el9_0.s390x", "product": { "name": "thunderbird-0:128.5.0-1.el9_0.s390x", "product_id": "thunderbird-0:128.5.0-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "product_id": "thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el9_0?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64" }, "product_reference": "thunderbird-0:128.5.0-1.el9_0.aarch64", 
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le" }, "product_reference": "thunderbird-0:128.5.0-1.el9_0.ppc64le", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x" }, "product_reference": "thunderbird-0:128.5.0-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src" }, "product_reference": "thunderbird-0:128.5.0-1.el9_0.src", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", 
"full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { 
"category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2325896" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "RHBZ#2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159" } ], "release_date": "2024-11-13T13:42:50.499000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:23+00:00", 
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10703" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", 
"AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message" }, { "cve": "CVE-2024-11692", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:14.897051+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328946" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. 
The Mozilla Foundation\u0027s Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Select list elements could be shown over another site", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11692" }, { "category": "external", "summary": "RHBZ#2328946", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:56.656000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", 
"AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10703" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Select list elements could be shown over another site" }, { 
"cve": "CVE-2024-11694", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-11-26T14:01:43.613834+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328941" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: Enhanced Tracking Protection\u0027s Strict mode may inadvertently allow a CSP `frame-src` bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames masquerading as legitimate content.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", 
"AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11694" }, { "category": "external", "summary": "RHBZ#2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:57.989000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:23+00:00", "details": "For details on 
how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10703" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", 
"AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims" }, { "cve": "CVE-2024-11695", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:23.105376+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328948" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. 
The Mozilla Foundation\u0027s Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11695" }, { "category": "external", "summary": 
"RHBZ#2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:58.459000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", 
"AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10703" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace 
Characters" }, { "cve": "CVE-2024-11696", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-11-26T14:02:04.025632+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328943" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: The application can fail to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may be bypassed. Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", 
"AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11696" }, { "category": "external", "summary": "RHBZ#2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.172000+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2024-12-02T17:16:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10703" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", 
"AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification" }, { "cve": "CVE-2024-11697", "cwe": { "id": "CWE-356", "name": "Product UI does not Warn User of Unsafe Actions" }, "discovery_date": "2024-11-26T14:02:44.775492+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328950" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. 
This could have led to malicious code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11697" }, { "category": "external", "summary": "RHBZ#2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.551000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", 
"AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10703" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog" }, { "cve": "CVE-2024-11699", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer 
Overflow\u0027)" }, "discovery_date": "2024-11-26T14:02:18.948638+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328947" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.\u200b", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", 
"AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11699" }, { "category": "external", "summary": "RHBZ#2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:34:02.646000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", 
"AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10703" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.src", "AppStream-9.0.0.Z.E4S:thunderbird-0:128.5.0-1.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debuginfo-0:128.5.0-1.el9_0.x86_64", 
"AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.s390x", "AppStream-9.0.0.Z.E4S:thunderbird-debugsource-0:128.5.0-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5" } ] }
rhsa-2024:10591
Vulnerability from csaf_redhat
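Published: 2024-12-02 01:57 UTC
Modified: 2025-08-03 12:30 UTC (revision 3, "Last generated version" in the tracking revision history below; revisions 1 and 2 are both dated 2024-12-02)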
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International 
License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10591", "url": "https://access.redhat.com/errata/RHSA-2024:10591" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10591.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2025-08-03T12:30:44+00:00", "generator": { "date": 
"2025-08-03T12:30:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2024:10591", "initial_release_date": "2024-12-02T01:57:56+00:00", "revision_history": [ { "date": "2024-12-02T01:57:56+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-02T01:57:56+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-03T12:30:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_10.src", "product": { "name": "thunderbird-0:128.5.0-1.el8_10.src", "product_id": "thunderbird-0:128.5.0-1.el8_10.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_10?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_10.aarch64", "product": { "name": "thunderbird-0:128.5.0-1.el8_10.aarch64", "product_id": "thunderbird-0:128.5.0-1.el8_10.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_10?arch=aarch64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_10?arch=aarch64" } } }, { "category": 
"product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_10?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_10.ppc64le", "product": { "name": "thunderbird-0:128.5.0-1.el8_10.ppc64le", "product_id": "thunderbird-0:128.5.0-1.el8_10.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_10?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_10?arch=ppc64le" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_10?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_10.x86_64", "product": { "name": "thunderbird-0:128.5.0-1.el8_10.x86_64", "product_id": "thunderbird-0:128.5.0-1.el8_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_10?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64", "product_id": 
"thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_10?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_10.s390x", "product": { "name": "thunderbird-0:128.5.0-1.el8_10.s390x", "product_id": "thunderbird-0:128.5.0-1.el8_10.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_10?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_10?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_10?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_10.aarch64", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le" }, "product_reference": "thunderbird-0:128.5.0-1.el8_10.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x" }, "product_reference": "thunderbird-0:128.5.0-1.el8_10.s390x", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src" }, "product_reference": "thunderbird-0:128.5.0-1.el8_10.src", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_10.x86_64", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2325896" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "RHBZ#2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159" } ], "release_date": "2024-11-13T13:42:50.499000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:57:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10591" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message" }, { "cve": "CVE-2024-11692", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:14.897051+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328946" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Select list elements could be shown over another site", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11692" }, { "category": "external", "summary": "RHBZ#2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:56.656000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:57:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10591" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Select list elements could be shown over another site" }, { "cve": "CVE-2024-11694", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-11-26T14:01:43.613834+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328941" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: Enhanced Tracking Protection\u0027s Strict mode may inadvertently allow a CSP `frame-src` bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. 
This issue could expose users to malicious frames masquerading as legitimate content.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11694" }, { "category": "external", "summary": "RHBZ#2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, 
{ "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:57.989000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:57:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10591" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims" }, { "cve": "CVE-2024-11695", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:23.105376+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328948" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11695" }, { "category": "external", "summary": "RHBZ#2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:58.459000+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:57:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10591" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters" }, { "cve": "CVE-2024-11696", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-11-26T14:02:04.025632+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328943" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: The application can fail to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may be bypassed. 
Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11696" }, { 
"category": "external", "summary": "RHBZ#2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.172000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:57:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10591" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification" }, { "cve": "CVE-2024-11697", "cwe": { "id": "CWE-356", "name": "Product UI does not Warn User of Unsafe Actions" }, "discovery_date": "2024-11-26T14:02:44.775492+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328950" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11697" }, { "category": "external", "summary": "RHBZ#2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.551000+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:57:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10591" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog" }, { "cve": "CVE-2024-11699", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2024-11-26T14:02:18.948638+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328947" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. 
Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.\u200b", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2024-11699" }, { "category": "external", "summary": "RHBZ#2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:34:02.646000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T01:57:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10591" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.src", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.ppc64le", 
"AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.s390x", "AppStream-8.10.0.Z.MAIN.EUS:thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5" } ] }
RHSA-2024:10704
Vulnerability from csaf_redhat
Published
2024-12-02 17:16
Modified
2025-08-03 12:30
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons 
Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10704", "url": "https://access.redhat.com/errata/RHSA-2024:10704" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10704.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2025-08-03T12:30:15+00:00", 
"generator": { "date": "2025-08-03T12:30:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2024:10704", "initial_release_date": "2024-12-02T17:16:45+00:00", "revision_history": [ { "date": "2024-12-02T17:16:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-02T17:16:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-03T12:30:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", "product": { "name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.AUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_2.src", "product": { "name": "thunderbird-0:128.5.0-1.el8_2.src", "product_id": "thunderbird-0:128.5.0-1.el8_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:128.5.0-1.el8_2.x86_64", "product": { "name": "thunderbird-0:128.5.0-1.el8_2.x86_64", "product_id": "thunderbird-0:128.5.0-1.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@128.5.0-1.el8_2?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64", "product": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64", "product_id": "thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debugsource@128.5.0-1.el8_2?arch=x86_64" } } }, { "category": 
"product_version", "name": "thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "product": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "product_id": "thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@128.5.0-1.el8_2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src" }, "product_reference": "thunderbird-0:128.5.0-1.el8_2.src", "relates_to_product_reference": "AppStream-8.2.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:128.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64" }, "product_reference": "thunderbird-0:128.5.0-1.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64" }, "product_reference": "thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 
8.2)", "product_id": "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" }, "product_reference": "thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.AUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2325896" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "RHBZ#2325896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-11159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/#CVE-2024-11159" } ], "release_date": "2024-11-13T13:42:50.499000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] } ], "threats": [ { 
"category": "impact", "details": "Important" } ], "title": "thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message" }, { "cve": "CVE-2024-11692", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:14.897051+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328946" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Select list elements could be shown over another site", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11692" }, { "category": "external", "summary": "RHBZ#2328946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:56.656000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: Select list elements could be shown over another site" }, { "cve": "CVE-2024-11694", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-11-26T14:01:43.613834+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328941" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: Enhanced Tracking Protection\u0027s Strict mode may inadvertently allow a CSP `frame-src` bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. 
This issue could expose users to malicious frames masquerading as legitimate content.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11694" }, { "category": "external", "summary": "RHBZ#2328941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11694" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", 
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:57.989000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims" }, { "cve": "CVE-2024-11695", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "discovery_date": "2024-11-26T14:02:23.105376+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328948" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11695" }, { "category": "external", "summary": "RHBZ#2328948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11695" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:58.459000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters" }, { "cve": "CVE-2024-11696", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-11-26T14:02:04.025632+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328943" } ], "notes": [ { "category": "description", "text": "The Mozilla Foundation\u0027s Security Advisory: The application can fail to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may be bypassed. 
Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Unhandled Exception in Add-on Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11696" }, { "category": "external", "summary": "RHBZ#2328943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.172000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"firefox: thunderbird: Unhandled Exception in Add-on Signature Verification" }, { "cve": "CVE-2024-11697", "cwe": { "id": "CWE-356", "name": "Product UI does not Warn User of Unsafe Actions" }, "discovery_date": "2024-11-26T14:02:44.775492+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328950" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11697" }, { "category": "external", "summary": "RHBZ#2328950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:33:59.551000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": 
"REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog" }, { "cve": "CVE-2024-11699", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2024-11-26T14:02:18.948638+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2328947" } ], "notes": [ { "category": "description", "text": "A flaw was found in Mozilla. The Mozilla Foundation\u0027s Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. 
Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11699" }, { "category": "external", "summary": "RHBZ#2328947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" } ], "release_date": "2024-11-26T13:34:02.646000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-02T17:16:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:128.5.0-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:128.5.0-1.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": 
"firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5" } ] }
wid-sec-w-2024-3464
Vulnerability from csaf_certbund
Published
2024-11-13 23:00
Modified
2025-03-09 23:00
Summary
Mozilla Thunderbird: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Thunderbird ist ein Open Source E-Mail Client.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Thunderbird ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Thunderbird ist ein Open Source E-Mail Client.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Thunderbird ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-3464 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3464.json" }, { "category": "self", "summary": "WID-SEC-2024-3464 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3464" }, { "category": "external", "summary": "Mozilla Foundation Security Advisory vom 2024-11-13", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/" }, { "category": "external", "summary": "Mozilla Foundation Security Advisory vom 2024-11-13", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/" }, { "category": "external", "summary": "Debian Security Advisory DSA-5814 vom 2024-11-16", "url": 
"https://lists.debian.org/debian-security-announce/2024/msg00228.html" }, { "category": "external", "summary": "openSUSE Security Update OPENSUSE-SU-2024:14497-1 vom 2024-11-16", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3X76ET6XFDVZFIEPLQZ5MQHJMM244MCL/" }, { "category": "external", "summary": "Debian Security Advisory DLA-3960 vom 2024-11-20", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:4050-1 vom 2024-11-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019842.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:4050-1 vom 2024-11-25", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HD7VY4CJZNLYWT74XDD2HN4OERQPRMJ4/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10591 vom 2024-12-02", "url": "https://access.redhat.com/errata/RHSA-2024:10591" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10592 vom 2024-12-02", "url": "https://access.redhat.com/errata/RHSA-2024:10592" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10667 vom 2024-12-02", "url": "https://access.redhat.com/errata/RHSA-2024:10667" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10710 vom 2024-12-02", "url": "https://access.redhat.com/errata/RHSA-2024:10710" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10733 vom 2024-12-03", "url": "https://access.redhat.com/errata/RHSA-2024:10733" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10703 vom 2024-12-02", "url": "https://access.redhat.com/errata/RHSA-2024:10703" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10704 vom 2024-12-02", "url": "https://access.redhat.com/errata/RHSA-2024:10704" }, 
{ "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10734 vom 2024-12-03", "url": "https://access.redhat.com/errata/RHSA-2024:10734" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10748 vom 2024-12-03", "url": "https://access.redhat.com/errata/RHSA-2024:10748" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-10592 vom 2024-12-03", "url": "https://linux.oracle.com/errata/ELSA-2024-10592.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-10591 vom 2024-12-04", "url": "https://linux.oracle.com/errata/ELSA-2024-10591.html" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:10591 vom 2024-12-19", "url": "https://errata.build.resf.org/RLSA-2024:10591" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2025-2765 vom 2025-02-25", "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2765.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2025-2789 vom 2025-03-07", "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2789.html" } ], "source_lang": "en-US", "title": "Mozilla Thunderbird: Schwachstelle erm\u00f6glicht Offenlegung von Informationen", "tracking": { "current_release_date": "2025-03-09T23:00:00.000+00:00", "generator": { "date": "2025-03-10T09:05:59.422+00:00", "engine": { "name": "BSI-WID", "version": "1.3.12" } }, "id": "WID-SEC-W-2024-3464", "initial_release_date": "2024-11-13T23:00:00.000+00:00", "revision_history": [ { "date": "2024-11-13T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-11-17T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Debian und openSUSE aufgenommen" }, { "date": "2024-11-19T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-11-25T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": 
"2024-12-01T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-02T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-03T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen" }, { "date": "2024-12-04T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-12-18T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2025-02-25T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2025-03-09T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "11" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c128.4.3", "product": { "name": "Mozilla Thunderbird \u003c128.4.3", "product_id": "T039155" } }, { "category": "product_version", "name": "128.4.3", "product": { "name": "Mozilla Thunderbird 128.4.3", "product_id": "T039155-fixed", "product_identification_helper": { "cpe": "cpe:/a:mozilla:thunderbird:128.4.3" } } }, { "category": "product_version_range", "name": "\u003c132.0.1", "product": { "name": "Mozilla Thunderbird \u003c132.0.1", "product_id": "T039156" } }, { "category": "product_version", "name": 
"132.0.1", "product": { "name": "Mozilla Thunderbird 132.0.1", "product_id": "T039156-fixed", "product_identification_helper": { "cpe": "cpe:/a:mozilla:thunderbird:132.0.1" } } } ], "category": "product_name", "name": "Thunderbird" } ], "category": "vendor", "name": "Mozilla" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "RESF Rocky Linux", "product": { "name": "RESF Rocky Linux", "product_id": "T032255", "product_identification_helper": { "cpe": "cpe:/o:resf:rocky_linux:-" } } } ], "category": "vendor", "name": "RESF" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } }, { "category": "product_name", "name": "SUSE openSUSE", "product": { "name": "SUSE openSUSE", "product_id": "T027843", "product_identification_helper": { "cpe": "cpe:/o:suse:opensuse:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "product_status": { "known_affected": [ "T039155", "2951", "T002207", "67646", "T027843", "398363", "T004914", "T032255", "T039156" ] }, "release_date": "2024-11-13T23:00:00.000+00:00", "title": "CVE-2024-11159" } ] }
suse-su-2024:4050-1
Vulnerability from csaf_suse
Published
2024-11-25 15:37
Modified
2024-11-25 15:37
Summary
Security update for MozillaThunderbird
Notes
Title of the patch
Security update for MozillaThunderbird
Description of the patch
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 128.4.3
* fixed: Folder corruption could cause Thunderbird to freeze
and become unusable
* fixed: Message corruption could be propagated when reading mbox
* fixed: Folder compaction was not abandoned on shutdown
* fixed: Folder compaction did not clean up on failure
* fixed: Collapsed NNTP thread incorrectly indicated there were
unread messages
* fixed: Navigating to next unread message did not wait for all
messages to be loaded
* fixed: Applying column view to folder and children could
break if folder error occurred
* fixed: Remote content notifications were broken with
encrypted messages
* fixed: Updating criteria of a saved search resulted in poor
search performance
* fixed: Drop-downs may not work in some places
* fixed: Security fixes
MFSA 2024-61 (bsc#1233355)
* CVE-2024-11159 Potential disclosure of plaintext in OpenPGP encrypted message
- Mozilla Thunderbird 128.4.2
* changed: Increased the auto-compaction threshold to reduce
frequency of compaction
* fixed: New profile creation caused console errors
* fixed: Repair folder could result in older messages showing
wrong date and time
* fixed: Recently deleted messages could become undeleted if
message compaction failed
* fixed: Visual and UX improvements
* fixed: Clicking on an HTML button could cause Thunderbird to freeze
* fixed: Messages could not be selected for dragging
* fixed: Could not open attached file in a MIME encrypted message
* fixed: Account creation 'Setup Documentation' link was broken
* fixed: Unable to generate QR codes when exporting to mobile
in some cases
* fixed: Operating system reauthentication was missing when
exporting QR codes for mobile
* fixed: Could not drag all-day events from one day to another
in week view
- Mozilla Thunderbird 128.4.1
* new: Add the 20 year donation appeal
- Mozilla Thunderbird 128.4
* new: Export Thunderbird account settings to Thunderbird
Mobile via QRCode
* fixed: Unable to send an unencrypted response to an OpenPGP
encrypted message
* fixed: Thunderbird update did not update language pack
version until another restart
* fixed: Security fixes
MFSA 2024-58 (bsc#1231879)
* CVE-2024-10458 Permission leak via embed or object elements
* CVE-2024-10459 Use-after-free in layout with accessibility
* CVE-2024-10460 Confusing display of origin for external protocol handler prompt
* CVE-2024-10461 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
* CVE-2024-10462 Origin of permission prompt could be spoofed by long URL
* CVE-2024-10463 Cross origin video frame leak
* CVE-2024-10464 History interface could have been used to cause a Denial of Service condition in the browser
* CVE-2024-10465 Clipboard 'paste' button persisted across tabs
* CVE-2024-10466 DOM push subscription message could hang Firefox
* CVE-2024-10467 Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
Patchnames
SUSE-2024-4050,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4050,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4050,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4050,SUSE-SLE-Product-WE-15-SP5-2024-4050,SUSE-SLE-Product-WE-15-SP6-2024-4050,openSUSE-SLE-15.5-2024-4050,openSUSE-SLE-15.6-2024-4050
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for MozillaThunderbird", "title": "Title of the patch" }, { "category": "description", "text": "This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird 128.4.3\n * fixed: Folder corruption could cause Thunderbird to freeze\n and become unusable\n * fixed: Message corruption could be propagated when reading mbox\n * fixed: Folder compaction was not abandoned on shutdown\n * fixed: Folder compaction did not clean up on failure\n * fixed: Collapsed NNTP thread incorrectly indicated there were\n unread messages\n * fixed: Navigating to next unread message did not wait for all\n messages to be loaded\n * fixed: Applying column view to folder and children could\n break if folder error occurred\n * fixed: Remote content notifications were broken with\n encrypted messages\n * fixed: Updating criteria of a saved search resulted in poor\n search performance\n * fixed: Drop-downs may not work in some places\n * fixed: Security fixes\n MFSA 2024-61 (bsc#1233355)\n * CVE-2024-11159 Potential disclosure of plaintext in OpenPGP encrypted message\n\n- Mozilla Thunderbird 128.4.2\n * changed: Increased the auto-compaction threshold to reduce\n frequency of compaction\n * fixed: New profile creation caused console errors\n * fixed: Repair folder could result in older messages showing\n wrong date and time\n * fixed: Recently deleted messages could become undeleted if\n message compaction failed\n * fixed: Visual and UX improvements\n * fixed: Clicking on an HTML button could cause Thunderbird to freeze\n * fixed: Messages could not be selected for 
dragging\n * fixed: Could not open attached file in a MIME encrypted message\n * fixed: Account creation \u0027Setup Documentation\u0027 link was broken\n * fixed: Unable to generate QR codes when exporting to mobile\n in some cases\n * fixed: Operating system reauthentication was missing when\n exporting QR codes for mobile\n * fixed: Could not drag all-day events from one day to another\n in week view\n\n- Mozilla Thunderbird 128.4.1\n * new: Add the 20 year donation appeal\n\n- Mozilla Thunderbird 128.4\n * new: Export Thunderbird account settings to Thunderbird\n Mobile via QRCode\n * fixed: Unable to send an unencrypted response to an OpenPGP\n encrypted message\n * fixed: Thunderbird update did not update language pack\n version until another restart\n * fixed: Security fixes\n MFSA 2024-58 (bsc#1231879)\n * CVE-2024-10458 Permission leak via embed or object elements\n * CVE-2024-10459 Use-after-free in layout with accessibility\n * CVE-2024-10460 Confusing display of origin for external protocol handler prompt\n * CVE-2024-10461 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response\n * CVE-2024-10462 Origin of permission prompt could be spoofed by long URL\n * CVE-2024-10463 Cross origin video frame leak\n * CVE-2024-10464 History interface could have been used to cause a Denial of Service condition in the browser\n * CVE-2024-10465 Clipboard \u0027paste\u0027 button persisted across tabs\n * CVE-2024-10466 DOM push subscription message could hang Firefox\n * CVE-2024-10467 Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4\n", "title": "Description of the patch" }, { "category": "details", "text": 
"SUSE-2024-4050,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4050,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4050,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4050,SUSE-SLE-Product-WE-15-SP5-2024-4050,SUSE-SLE-Product-WE-15-SP6-2024-4050,openSUSE-SLE-15.5-2024-4050,openSUSE-SLE-15.6-2024-4050", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4050-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:4050-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244050-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:4050-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019842.html" }, { "category": "self", "summary": "SUSE Bug 1231879", "url": "https://bugzilla.suse.com/1231879" }, { "category": "self", "summary": "SUSE Bug 1233355", "url": "https://bugzilla.suse.com/1233355" }, { "category": "self", "summary": "SUSE CVE CVE-2024-10458 page", "url": "https://www.suse.com/security/cve/CVE-2024-10458/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-10459 page", "url": "https://www.suse.com/security/cve/CVE-2024-10459/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-10460 page", "url": "https://www.suse.com/security/cve/CVE-2024-10460/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-10461 page", "url": "https://www.suse.com/security/cve/CVE-2024-10461/" }, { "category": 
"self", "summary": "SUSE CVE CVE-2024-10462 page", "url": "https://www.suse.com/security/cve/CVE-2024-10462/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-10463 page", "url": "https://www.suse.com/security/cve/CVE-2024-10463/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-10464 page", "url": "https://www.suse.com/security/cve/CVE-2024-10464/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-10465 page", "url": "https://www.suse.com/security/cve/CVE-2024-10465/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-10466 page", "url": "https://www.suse.com/security/cve/CVE-2024-10466/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-10467 page", "url": "https://www.suse.com/security/cve/CVE-2024-10467/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-11159 page", "url": "https://www.suse.com/security/cve/CVE-2024-11159/" } ], "title": "Security update for MozillaThunderbird", "tracking": { "current_release_date": "2024-11-25T15:37:44Z", "generator": { "date": "2024-11-25T15:37:44Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:4050-1", "initial_release_date": "2024-11-25T15:37:44Z", "revision_history": [ { "date": "2024-11-25T15:37:44Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "product": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "product_id": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "product": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "product_id": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64" } }, { "category": "product_version", "name": 
"MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "product": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "product_id": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "product": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "product_id": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "product": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "product_id": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "product": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "product_id": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "product": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "product_id": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "product": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "product_id": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "product": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "product_id": 
"MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "product": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "product_id": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "product": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "product_id": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "product": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "product_id": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Package Hub 15 SP5", "product": { "name": "SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:packagehub:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Package Hub 15 SP6", "product": { "name": "SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:packagehub:15:sp6" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Workstation Extension 15 SP5", "product": { "name": "SUSE Linux Enterprise Workstation Extension 15 SP5", "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-we:15:sp5" } } }, { "category": 
"product_name", "name": "SUSE Linux Enterprise Workstation Extension 15 SP6", "product": { "name": "SUSE Linux Enterprise Workstation Extension 15 SP6", "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-we:15:sp6" } } }, { "category": "product_name", "name": "openSUSE Leap 15.5", "product": { "name": "openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.5" } } }, { "category": "product_name", "name": "openSUSE Leap 15.6", "product": { "name": "openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", 
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": 
"MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6" }, { 
"category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 
SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x" }, "product_reference": 
"MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP5", "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP5", "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP5", "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP6", "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64" }, 
"product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP6", "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP6", "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": 
"default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64" 
}, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": 
"MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-10458", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10458" } ], "notes": [ { "category": "general", "text": "A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. 
This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Firefox ESR \u003c 115.17, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module 
for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10458", "url": "https://www.suse.com/security/cve/CVE-2024-10458" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10458", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE 
Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10458" }, { "cve": "CVE-2024-10459", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10459" } ], "notes": [ { "category": "general", "text": "An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. 
This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Firefox ESR \u003c 115.17, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module 
for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10459", "url": "https://www.suse.com/security/cve/CVE-2024-10459" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10459", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE 
Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10459" }, { "cve": "CVE-2024-10460", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10460" } ], "notes": [ { "category": "general", "text": "The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. 
This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10460", "url": "https://www.suse.com/security/cve/CVE-2024-10460" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10460", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", 
"SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10460" }, { "cve": "CVE-2024-10461", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10461" } ], "notes": [ { "category": "general", "text": "In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. 
This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10461", "url": "https://www.suse.com/security/cve/CVE-2024-10461" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10461", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", 
"SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10461" }, { "cve": "CVE-2024-10462", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10462" } ], "notes": [ { "category": "general", "text": "Truncation of a long URL could have allowed origin spoofing in a permission prompt. 
This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10462", "url": "https://www.suse.com/security/cve/CVE-2024-10462" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10462", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", 
"SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10462" }, { "cve": "CVE-2024-10463", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10463" } ], "notes": [ { "category": "general", "text": "Video frames could have been leaked between origins in some situations. 
This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Firefox ESR \u003c 115.17, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module 
for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10463", "url": "https://www.suse.com/security/cve/CVE-2024-10463" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10463", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE 
Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10463" }, { "cve": "CVE-2024-10464", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10464" } ], "notes": [ { "category": "general", "text": "Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. 
This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10464", "url": "https://www.suse.com/security/cve/CVE-2024-10464" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10464", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", 
"SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10464" }, { "cve": "CVE-2024-10465", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10465" } ], "notes": [ { "category": "general", "text": "A clipboard \"paste\" button could persist across tabs which allowed a spoofing attack. 
This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10465", "url": "https://www.suse.com/security/cve/CVE-2024-10465" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10465", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", 
"SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10465" }, { "cve": "CVE-2024-10466", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10466" } ], "notes": [ { "category": "general", "text": "By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. 
This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10466", "url": "https://www.suse.com/security/cve/CVE-2024-10466" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10466", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", 
"SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10466" }, { "cve": "CVE-2024-10467", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-10467" } ], "notes": [ { "category": "general", "text": "Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise 
Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-10467", "url": "https://www.suse.com/security/cve/CVE-2024-10467" }, { "category": "external", "summary": "SUSE Bug 1231879 for CVE-2024-10467", "url": "https://bugzilla.suse.com/1231879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module 
for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", 
"SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 
15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module 
for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 
15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "critical" } ], "title": "CVE-2024-10467" }, { "cve": "CVE-2024-11159", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-11159" } ], "notes": [ { "category": "general", "text": "Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. 
This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 
15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-11159", "url": "https://www.suse.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "SUSE Bug 1233355 for CVE-2024-11159", "url": "https://bugzilla.suse.com/1233355" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE 
Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 
SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", 
"SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", 
"openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.4.3-150200.8.188.1.x86_64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.aarch64", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.ppc64le", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.s390x", "openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.4.3-150200.8.188.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-25T15:37:44Z", "details": "moderate" } ], "title": "CVE-2024-11159" } ] }
ghsa-jm4h-wwjv-4q5c
Vulnerability from github
Published
2024-11-13 15:31
Modified
2024-11-27 00:31
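Severity: MODERATE (GitHub Advisory Database; CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N; advisory not GitHub-reviewed). The SUSE CSAF record for the same CVE on this page scores it 6.2 MEDIUM with CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, so compare the vectors rather than the labels when prioritising.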
Details
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
{ "affected": [], "aliases": [ "CVE-2024-11159" ], "database_specific": { "cwe_ids": [ "CWE-203", "CWE-312" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-11-13T14:15:15Z", "severity": "MODERATE" }, "details": "Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1.", "id": "GHSA-jm4h-wwjv-4q5c", "modified": "2024-11-27T00:31:41Z", "published": "2024-11-13T15:31:37Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159" }, { "type": "WEB", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925929" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2024-61" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2024-62" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }
opensuse-su-2024:14497-1
Vulnerability from csaf_opensuse
Published
2024-11-15 00:00
Modified
2024-11-15 00:00
Summary
MozillaThunderbird-128.4.3-1.1 on GA media
Notes
Title of the patch
MozillaThunderbird-128.4.3-1.1 on GA media
Description of the patch
These are all security issues fixed in the MozillaThunderbird-128.4.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14497
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "MozillaThunderbird-128.4.3-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the MozillaThunderbird-128.4.3-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-14497", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14497-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2024:14497-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3X76ET6XFDVZFIEPLQZ5MQHJMM244MCL/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2024:14497-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3X76ET6XFDVZFIEPLQZ5MQHJMM244MCL/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-11159 page", "url": "https://www.suse.com/security/cve/CVE-2024-11159/" } ], "title": "MozillaThunderbird-128.4.3-1.1 on GA media", "tracking": 
{ "current_release_date": "2024-11-15T00:00:00Z", "generator": { "date": "2024-11-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:14497-1", "initial_release_date": "2024-11-15T00:00:00Z", "revision_history": [ { "date": "2024-11-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "MozillaThunderbird-128.4.3-1.1.aarch64", "product": { "name": "MozillaThunderbird-128.4.3-1.1.aarch64", "product_id": "MozillaThunderbird-128.4.3-1.1.aarch64" } }, { "category": "product_version", "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.aarch64", "product": { "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.aarch64", "product_id": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.aarch64" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-common-128.4.3-1.1.aarch64", "product": { "name": "MozillaThunderbird-translations-common-128.4.3-1.1.aarch64", "product_id": "MozillaThunderbird-translations-common-128.4.3-1.1.aarch64" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-other-128.4.3-1.1.aarch64", "product": { "name": "MozillaThunderbird-translations-other-128.4.3-1.1.aarch64", "product_id": "MozillaThunderbird-translations-other-128.4.3-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "MozillaThunderbird-128.4.3-1.1.ppc64le", "product": { "name": "MozillaThunderbird-128.4.3-1.1.ppc64le", "product_id": "MozillaThunderbird-128.4.3-1.1.ppc64le" } }, { "category": "product_version", "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.ppc64le", "product": { "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.ppc64le", "product_id": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.ppc64le" } }, { "category": 
"product_version", "name": "MozillaThunderbird-translations-common-128.4.3-1.1.ppc64le", "product": { "name": "MozillaThunderbird-translations-common-128.4.3-1.1.ppc64le", "product_id": "MozillaThunderbird-translations-common-128.4.3-1.1.ppc64le" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-other-128.4.3-1.1.ppc64le", "product": { "name": "MozillaThunderbird-translations-other-128.4.3-1.1.ppc64le", "product_id": "MozillaThunderbird-translations-other-128.4.3-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "MozillaThunderbird-128.4.3-1.1.s390x", "product": { "name": "MozillaThunderbird-128.4.3-1.1.s390x", "product_id": "MozillaThunderbird-128.4.3-1.1.s390x" } }, { "category": "product_version", "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.s390x", "product": { "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.s390x", "product_id": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.s390x" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-common-128.4.3-1.1.s390x", "product": { "name": "MozillaThunderbird-translations-common-128.4.3-1.1.s390x", "product_id": "MozillaThunderbird-translations-common-128.4.3-1.1.s390x" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-other-128.4.3-1.1.s390x", "product": { "name": "MozillaThunderbird-translations-other-128.4.3-1.1.s390x", "product_id": "MozillaThunderbird-translations-other-128.4.3-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "MozillaThunderbird-128.4.3-1.1.x86_64", "product": { "name": "MozillaThunderbird-128.4.3-1.1.x86_64", "product_id": "MozillaThunderbird-128.4.3-1.1.x86_64" } }, { "category": "product_version", "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.x86_64", "product": { "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.x86_64", "product_id": 
"MozillaThunderbird-openpgp-librnp-128.4.3-1.1.x86_64" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-common-128.4.3-1.1.x86_64", "product": { "name": "MozillaThunderbird-translations-common-128.4.3-1.1.x86_64", "product_id": "MozillaThunderbird-translations-common-128.4.3-1.1.x86_64" } }, { "category": "product_version", "name": "MozillaThunderbird-translations-other-128.4.3-1.1.x86_64", "product": { "name": "MozillaThunderbird-translations-other-128.4.3-1.1.x86_64", "product_id": "MozillaThunderbird-translations-other-128.4.3-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.aarch64" }, "product_reference": "MozillaThunderbird-128.4.3-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.ppc64le" }, "product_reference": "MozillaThunderbird-128.4.3-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.s390x" }, "product_reference": "MozillaThunderbird-128.4.3-1.1.s390x", 
"relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-128.4.3-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.x86_64" }, "product_reference": "MozillaThunderbird-128.4.3-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.aarch64" }, "product_reference": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.ppc64le" }, "product_reference": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.s390x" }, "product_reference": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.x86_64" }, "product_reference": "MozillaThunderbird-openpgp-librnp-128.4.3-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", 
"full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.aarch64" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.s390x" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-common-128.4.3-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-common-128.4.3-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.aarch64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": 
"default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.ppc64le" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.s390x" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "MozillaThunderbird-translations-other-128.4.3-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.x86_64" }, "product_reference": "MozillaThunderbird-translations-other-128.4.3-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11159", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-11159" } ], "notes": [ { "category": "general", "text": "Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. 
This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.x86_64", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.x86_64", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.x86_64", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-11159", "url": "https://www.suse.com/security/cve/CVE-2024-11159" }, { "category": "external", "summary": "SUSE Bug 1233355 for CVE-2024-11159", "url": "https://bugzilla.suse.com/1233355" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.ppc64le", "openSUSE 
Tumbleweed:MozillaThunderbird-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.x86_64", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.x86_64", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.x86_64", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-128.4.3-1.1.x86_64", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.4.3-1.1.x86_64", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.ppc64le", "openSUSE 
Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.4.3-1.1.x86_64", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.aarch64", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.ppc64le", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.s390x", "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.4.3-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2024-11159" } ] }
fkie_cve-2024-11159
Vulnerability from fkie_nvd
Published
2024-11-13 14:15
Modified
2024-12-06 20:15
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
References
Source | URL | Tags | |
---|---|---|---|
security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1925929 | Issue Tracking | |
security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2024-61/ | Vendor Advisory | |
security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2024-62/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | thunderbird | * (versions before 128.4.3) | |
mozilla | thunderbird | * (versions from 129.0 up to, but not including, 132.0.1) | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFC5B426-F05D-4BC9-B70B-2B219990C5A2", "versionEndExcluding": "128.4.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "7662AA1E-5DBA-4BFC-9127-48EAA8AFE5C0", "versionEndExcluding": "132.0.1", "versionStartIncluding": "129.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1." }, { "lang": "es", "value": "El uso de contenido remoto en mensajes cifrados con OpenPGP puede provocar la divulgaci\u00f3n de texto plano. Esta vulnerabilidad afecta a Thunderbird \u0026lt; 128.4.3 y Thunderbird \u0026lt; 132.0.1." } ], "id": "CVE-2024-11159", "lastModified": "2024-12-06T20:15:23.937", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": 
"Secondary" } ] }, "published": "2024-11-13T14:15:15.330", "references": [ { "source": "security@mozilla.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925929" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-61/" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-62/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.