CVE-2024-11159

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1925929
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-62/
• https://www.mozilla.org/security/advisories/mfsa2024-61/
• https://www.mozilla.org/security/advisories/mfsa2024-62/
• https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html
• https://access.redhat.com/errata/RHSA-2024:10592
• https://access.redhat.com/errata/RHSA-2024:10591
• https://access.redhat.com/errata/RHSA-2024:10667
• https://access.redhat.com/errata/RHSA-2024:10703
• https://access.redhat.com/errata/RHSA-2024:10704
• https://access.redhat.com/errata/RHSA-2024:10710
• https://access.redhat.com/errata/RHSA-2024:10733
• https://access.redhat.com/errata/RHSA-2024:10734
• https://access.redhat.com/errata/RHSA-2024:10748
• https://bugzilla.redhat.com/show_bug.cgi?id=2325896

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2024-62
• MFSA2024-61

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2024-11159

Frequently Asked Questions

• What is the severity of CVE-2024-11159?

  CVE-2024-11159 has a high severity due to its potential for plaintext disclosure.

• How do I fix CVE-2024-11159?

  To fix CVE-2024-11159, update Thunderbird to version 128.4.3 or later, or to version 132.0.1 or later.

• Which versions of Thunderbird are affected by CVE-2024-11159?

  Thunderbird versions prior to 128.4.3 and between 129.0 and 132.0.1 are affected by CVE-2024-11159.

• What does CVE-2024-11159 exploit?

  CVE-2024-11159 exploits the use of remote content in OpenPGP encrypted messages.

• What are the consequences of CVE-2024-11159?

  The main consequence of CVE-2024-11159 is the potential disclosure of sensitive plaintext information.