VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ay1d-6m3f-aaae

Essentials
Severities (93)
References (30)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ay1d-6m3f-aaae
Aliases	CVE-2024-1936
Summary	The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-311

Missing Encryption of Sensitive Data

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1936.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.00387	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
epss	0.01226	https://api.first.org/data/v1/epss?cve=CVE-2024-1936
cvssv3.1	7.5	https://bugzilla.mozilla.org/show_bug.cgi?id=1860977
ssvc	Track*	https://bugzilla.mozilla.org/show_bug.cgi?id=1860977
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
ssvc	Track*	https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-11
cvssv3.1	7.5	https://www.mozilla.org/security/advisories/mfsa2024-11/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2024-11/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1936.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-1936
		https://bugzilla.mozilla.org/show_bug.cgi?id=1860977
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2616
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
		https://www.mozilla.org/security/advisories/mfsa2024-11/
2268171		https://bugzilla.redhat.com/show_bug.cgi?id=2268171
CVE-2024-1936		https://nvd.nist.gov/vuln/detail/CVE-2024-1936
GLSA-202405-32		https://security.gentoo.org/glsa/202405-32
mfsa2024-11		https://www.mozilla.org/en-US/security/advisories/mfsa2024-11
RHSA-2024:1492		https://access.redhat.com/errata/RHSA-2024:1492
RHSA-2024:1493		https://access.redhat.com/errata/RHSA-2024:1493
RHSA-2024:1494		https://access.redhat.com/errata/RHSA-2024:1494
RHSA-2024:1495		https://access.redhat.com/errata/RHSA-2024:1495
RHSA-2024:1496		https://access.redhat.com/errata/RHSA-2024:1496
RHSA-2024:1497		https://access.redhat.com/errata/RHSA-2024:1497
RHSA-2024:1498		https://access.redhat.com/errata/RHSA-2024:1498
RHSA-2024:1499		https://access.redhat.com/errata/RHSA-2024:1499
RHSA-2024:1500		https://access.redhat.com/errata/RHSA-2024:1500
USN-6669-1		https://usn.ubuntu.com/6669-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1936.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1860977

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-08T19:16:17Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1860977

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-08T19:16:17Z/ Found at https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-11/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-08T19:16:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-11/

Exploit Prediction Scoring System (EPSS)

Percentile	0.16666
EPSS Score	0.00045
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-04-23T17:18:11.119682+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-1936	34.0.0rc4