Gentoo FoundationMGASA-2024-0094Updated thunderbird packages fix security vulnerabilities
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
42.1%
Crash in NSS TLS method. (CVE-2024-0743) JIT code failed to save return registers on Armv7-A. (CVE-2024-2607) Integer overflow could have led to out of bounds write. (CVE-2024-2608) Improve handling of out-of-memory conditions in ICU. (CVE-2024-2616) NSS susceptible to timing attack against RSA decryption. (CVE-2023-5388) Improper handling of html and body tags enabled CSP nonce leakage. (CVE-2024-2610) Clickjacking vulnerability could have led to a user accidentally granting permissions. (CVE-2024-2611) Self referencing object could have potentially led to a use-after-free. (CVE-2024-2612) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. (CVE-2024-2614)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 9 | noarch | thunderbird | < 115.9.0-1 | thunderbird-115.9.0-1.mga9 |
| Mageia | 9 | noarch | thunderbird-l10n | < 115.9.0-1 | thunderbird-l10n-115.9.0-1.mga9 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
42.1%