Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6750-1
HistoryApr 25, 2024 - 12:00 a.m.

Thunderbird vulnerabilities

2024-04-2500:00:00
ubuntu.com
12
thunderbird
ubuntu
security issues
denial of service
sensitive information
arbitrary code
memory management
cross-site tracing
cve-2024-2609
cve-2024-3852
cve-2024-3864
cve-2024-3302
cve-2024-3854
cve-2024-3857
cve-2024-3859
cve-2024-3861
opentype sanitizer

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

JSON

Releases

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-2609, CVE-2024-3852,
CVE-2024-3864)

Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2
CONTINUATION frames. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2024-3302)

Lukas Bernhard discovered that Thunderbird did not properly manage memory
during JIT optimisations, leading to an out-of-bounds read vulnerability.
An attacker could possibly use this issue to cause a denial of service or
expose sensitive information. (CVE-2024-3854)

Lukas Bernhard discovered that Thunderbird did not properly manage memory
when handling JIT created code during garbage collection. An attacker
could potentially exploit this issue to cause a denial of service, or
execute arbitrary code. (CVE-2024-3857)

Ronald Crane discovered that Thunderbird did not properly manage memory in
the OpenType sanitizer on 32-bit devices, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-3859)

Ronald Crane discovered that Thunderbird did not properly manage memory
when handling an AlignedBuffer. An attacker could potentially exploit this
issue to cause denial of service, or execute arbitrary code. (CVE-2024-3861)

OSVersionArchitecturePackageVersionFilename
Ubuntu23.10noarchthunderbird< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchthunderbird-dbg< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchthunderbird-dev< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchthunderbird-gnome-support< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchthunderbird-gnome-support-dbg< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchthunderbird-locale-af< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchthunderbird-locale-ar< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchthunderbird-locale-ast< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchthunderbird-locale-be< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchthunderbird-locale-bg< 1:115.10.1+build1-0ubuntu0.23.10.1UNKNOWN
Rows per page:
1-10 of 2731

Related

nessus 55
openvas 25
redhat 18
osv 16
oraclelinux 6
debian 4
rocky 4
almalinux 4
mageia 2
mozilla 3
slackware 1
ubuntu 3
gentoo 1
cgr 7
cvelist 8
ubuntucve 8
redhatcve 8
debiancve 8
veracode 8
cve 8
cnvd 1
alpinelinux 1
nessus
nessus
RHEL 9 : thunderbird (RHSA-2024:1941)
2024-04-22 00:00:00
RHEL 8 : firefox (RHSA-2024:1904)
2024-04-18 00:00:00
RHEL 9 : firefox (RHSA-2024:1907)
2024-04-18 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5670-1)
2024-04-22 00:00:00
Debian: Security Advisory (DLA-3791-1)
2024-04-22 00:00:00
Debian: Security Advisory (DLA-3790-1)
2024-04-22 00:00:00
redhat
redhat
(RHSA-2024:1940) Low: thunderbird security update
2024-04-22 08:00:35
(RHSA-2024:1908) Important: firefox security update
2024-04-18 09:05:44
(RHSA-2024:1906) Important: firefox security update
2024-04-18 09:05:27
osv
osv
thunderbird vulnerabilities
2024-04-25 03:24:59
thunderbird - security update
2024-04-22 00:00:00
Important: firefox security update
2024-04-18 00:00:00
oraclelinux
oraclelinux
firefox security update
2024-04-19 00:00:00
firefox security update
2024-04-19 00:00:00
firefox security update
2024-04-18 00:00:00
debian
debian
[SECURITY] [DSA 5663-1] firefox-esr security update
2024-04-17 17:21:09
[SECURITY] [DLA 3790-1] firefox-esr security update
2024-04-19 10:40:02
[SECURITY] [DLA 3791-1] thunderbird security update
2024-04-22 08:49:30
rocky
rocky
firefox security update
2024-05-10 14:32:42
firefox security update
2024-05-06 13:04:21
thunderbird security update
2024-05-06 13:04:21
almalinux
almalinux
Important: firefox security update
2024-04-18 00:00:00
Important: firefox security update
2024-04-18 00:00:00
Low: thunderbird security update
2024-04-22 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2024-04-27 03:37:18
Updated firefox packages fix security vulnerabilities
2024-04-27 09:26:16
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla
2024-04-16 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.10 — Mozilla
2024-04-16 00:00:00
Security Vulnerabilities fixed in Firefox 125 — Mozilla
2024-04-16 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2024-04-16 18:53:34
ubuntu
ubuntu
Firefox regressions
2024-05-02 00:00:00
Firefox vulnerabilities
2024-04-24 00:00:00
Firefox vulnerabilities
2024-03-20 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2024-05-12 00:00:00
cgr
cgr
CVE-2024-3854 vulnerabilities
2024-05-19 03:07:16
CVE-2024-3852 vulnerabilities
2024-05-19 03:07:16
CVE-2024-3861 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2024-3852
2024-04-16 15:14:05
CVE-2024-3861
2024-04-16 15:14:08
CVE-2024-2609
2024-03-19 12:02:54
ubuntucve
ubuntucve
CVE-2024-3852
2024-04-16 00:00:00
CVE-2024-2609
2024-03-19 00:00:00
CVE-2024-3861
2024-04-16 00:00:00
redhatcve
redhatcve
CVE-2024-3852
2024-04-18 10:00:00
CVE-2024-3854
2024-04-17 19:53:30
CVE-2024-3861
2024-04-18 10:00:18
debiancve
debiancve
CVE-2024-3854
2024-04-16 16:15:08
CVE-2024-3852
2024-04-16 16:15:08
CVE-2024-3861
2024-04-16 16:15:08
veracode
veracode
Incorrect Return Value
2024-04-19 01:24:15
Use-After-Free
2024-04-19 01:20:50
Clickjacking
2024-03-25 01:33:20
cve
cve
CVE-2024-3854
2024-04-16 16:15:08
CVE-2024-3852
2024-04-16 16:15:08
CVE-2024-2609
2024-03-19 12:15:08
cnvd
cnvd
Mozilla Firefox Clickjacking Vulnerability (CNVD-2024-14973)
2024-03-21 00:00:00
alpinelinux
alpinelinux
CVE-2024-3864
2024-04-16 16:15:08

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

JSON
Related for USN-6750-1
nessus55openvas25redhat18osv16oraclelinux6debian4rocky4almalinux4mageia2mozilla3slackware1ubuntu3gentoo1cgr7cvelist8ubuntucve8redhatcve8debiancve8veracode8cve8cnvd1alpinelinux1