VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-bfd5-qjb5-1udv

Essentials
Severities (97)
References (22)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-bfd5-qjb5-1udv
Aliases	CVE-2024-11159
Summary	Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3	4.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11159.json
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
cvssv3.1	5.3	https://bugzilla.mozilla.org/show_bug.cgi?id=1925929
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1925929
cvssv3.1	6.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	4.3	https://nvd.nist.gov/vuln/detail/CVE-2024-11159
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2024-11159
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-61
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-62
cvssv3.1	5.3	https://www.mozilla.org/security/advisories/mfsa2024-61/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-61/
cvssv3.1	5.3	https://www.mozilla.org/security/advisories/mfsa2024-62/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-62/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11159.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-11159
		https://bugzilla.mozilla.org/show_bug.cgi?id=1925929
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11159
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html
		https://www.mozilla.org/security/advisories/mfsa2024-61/
		https://www.mozilla.org/security/advisories/mfsa2024-62/
2325896		https://bugzilla.redhat.com/show_bug.cgi?id=2325896
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2024-11159		https://nvd.nist.gov/vuln/detail/CVE-2024-11159
mfsa2024-61		https://www.mozilla.org/en-US/security/advisories/mfsa2024-61
mfsa2024-62		https://www.mozilla.org/en-US/security/advisories/mfsa2024-62
RHSA-2024:10591		https://access.redhat.com/errata/RHSA-2024:10591
RHSA-2024:10592		https://access.redhat.com/errata/RHSA-2024:10592
RHSA-2024:10667		https://access.redhat.com/errata/RHSA-2024:10667
RHSA-2024:10703		https://access.redhat.com/errata/RHSA-2024:10703
RHSA-2024:10704		https://access.redhat.com/errata/RHSA-2024:10704
RHSA-2024:10710		https://access.redhat.com/errata/RHSA-2024:10710
RHSA-2024:10733		https://access.redhat.com/errata/RHSA-2024:10733
RHSA-2024:10734		https://access.redhat.com/errata/RHSA-2024:10734
RHSA-2024:10748		https://access.redhat.com/errata/RHSA-2024:10748

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11159.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1925929

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:10:02Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1925929

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-11159

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-11159

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-61/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:10:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-61/

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-62/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:10:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-62/

Exploit Prediction Scoring System (EPSS)

Percentile	0.0604
EPSS Score	0.00028
Published At	April 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2024-11-14T12:11:41.700476+00:00	SUSE Severity Score Importer	Import	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml	34.3.0