VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qnt8-xbnq-yybd

Essentials
Severities (27)
References (22)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-qnt8-xbnq-yybd
Aliases	CVE-2024-11159
Summary	Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3	4.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11159.json
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2024-11159
cvssv3.1	5.3	https://bugzilla.mozilla.org/show_bug.cgi?id=1925929
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1925929
cvssv3.1	6.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2024-11159
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-61
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-62
cvssv3.1	5.3	https://www.mozilla.org/security/advisories/mfsa2024-61/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-61/
cvssv3.1	5.3	https://www.mozilla.org/security/advisories/mfsa2024-62/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-62/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11159.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-11159
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11159
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html
2325896		https://bugzilla.redhat.com/show_bug.cgi?id=2325896
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2024-11159		https://nvd.nist.gov/vuln/detail/CVE-2024-11159
mfsa2024-61		https://www.mozilla.org/en-US/security/advisories/mfsa2024-61
mfsa2024-61		https://www.mozilla.org/security/advisories/mfsa2024-61/
mfsa2024-62		https://www.mozilla.org/en-US/security/advisories/mfsa2024-62
mfsa2024-62		https://www.mozilla.org/security/advisories/mfsa2024-62/
RHSA-2024:10591		https://access.redhat.com/errata/RHSA-2024:10591
RHSA-2024:10592		https://access.redhat.com/errata/RHSA-2024:10592
RHSA-2024:10667		https://access.redhat.com/errata/RHSA-2024:10667
RHSA-2024:10703		https://access.redhat.com/errata/RHSA-2024:10703
RHSA-2024:10704		https://access.redhat.com/errata/RHSA-2024:10704
RHSA-2024:10710		https://access.redhat.com/errata/RHSA-2024:10710
RHSA-2024:10733		https://access.redhat.com/errata/RHSA-2024:10733
RHSA-2024:10734		https://access.redhat.com/errata/RHSA-2024:10734
RHSA-2024:10748		https://access.redhat.com/errata/RHSA-2024:10748
show_bug.cgi?id=1925929		https://bugzilla.mozilla.org/show_bug.cgi?id=1925929

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11159.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1925929

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:10:02Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1925929

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-11159

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-61/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:10:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-61/

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-62/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:10:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-62/

Exploit Prediction Scoring System (EPSS)

Percentile	0.17816
EPSS Score	0.00057
Published At	Aug. 4, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:03.721174+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-61.yml	37.0.0