Severity Level: High
Title:
High-Severity Vulnerability in Mozilla Thunderbird
Summary:
• CVE-2024-11159: Potential disclosure of plaintext in OpenPGP encrypted message
• Severity- High
• The vulnerability stems from the way Thunderbird handles remote content in OpenPGP encrypted messages. When an encrypted message contains references to remote content, it can lead to the unintended disclosure of the message's plaintext.
• Successful exploitation of this vulnerability could result in Unauthorized access to the content of encrypted emails, Compromise of sensitive information intended to be protected by encryption, Potential breach of confidentiality for OpenPGP users.
Affected Versions: • Thunderbird versions prior to 128.4.3 • Thunderbird versions prior to 132.0.1
Fixed Versions: • Thunderbird 128.4.3 • Thunderbird 132.0.1
Recommendations:.
recommends to upgrade the affected versions to the fixed versions at the earliest.
References:
click here