The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
Published 2024-03-04 22:15:47
Updated 2024-03-23 12:15:08
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2024-1936

0.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 13 %
Percentile, the proportion of vulnerabilities that are scored at or less

References for CVE-2024-1936

Products affected by CVE-2024-1936

The following product & version information is provided by CVEdetails.com. We provide product & version information for most CVEs even if they are not available from NVD.
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!