VDB
CNVD-2024-25572
CNVD-2024-25572
PUBLISHED
CVSS 7.5 HIGH
Mozilla Thunderbird是美国Mozilla基金会的一套从Mozilla Application Suite独立出来的电子邮件客户端软件。该软件支持IMAP、POP邮件协议以及HTML邮件格式。 Mozilla Thunderbird存在安全绕过漏洞,该漏洞是是由于加密电子邮件主题泄露到其他对话中造成的。攻击者可利用此漏洞将机密主题泄露给第三方。
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mozilla | thunderbird | 0 |
| Mozilla | Thunderbird | unspecified |
Exploit Intelligence
- https://bugzilla.mozilla.org/show_bug.cgi?id=1860977 (circl)
- https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html (circl)
- https://www.mozilla.org/security/advisories/mfsa2024-11/ (circl)
- CIRCL seen: CVE-2024-1936 (circl-sighting)
- CIRCL seen: CVE-2024-1936 (circl-sighting)
- CIRCL seen: CVE-2024-1936 (circl-sighting)
Timeline
- Mar 4, 2024 CVE Published
- Mar 4, 2024 PoC Published
- Mar 4, 2024 PoC Published
- Mar 6, 2024 CVE ID Reserved
- Mar 6, 2024 PoC Published