Lucene search

K
redhatRedHatRHSA-2024:5394
HistoryAug 14, 2024 - 11:37 a.m.

(RHSA-2024:5394) Important: thunderbird security update

2024-08-1411:37:59
access.redhat.com
2
thunderbird
mail client
security update
cvss score
unix
cve page

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • EMBARGOED Thunderbird: 115.14/128.1 ()

  • mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)

  • mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)

  • mozilla: Type confusion in WebAssembly (CVE-2024-7520)

  • mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)

  • mozilla: Out of bounds read in editor component (CVE-2024-7522)

  • mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)

  • mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)

  • mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)

  • mozilla: Use-after-free in IndexedDB (CVE-2024-7528)

  • mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High