CVE-2024-1936

{"id": "CVE-2024-1936", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-03-04T22:15:46.733", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860977", "tags": ["Issue Tracking", "Exploit", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", "tags": ["Mailing List"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-11/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860977", "tags": ["Issue Tracking", "Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-11/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1."}, {"lang": "es", "value": "El asunto cifrado de un mensaje de correo electr\u00f3nico podr\u00eda asignarse de forma incorrecta y permanente a otro mensaje de correo electr\u00f3nico arbitrario en la cach\u00e9 local de Thunderbird. En consecuencia, al responder al mensaje de correo electr\u00f3nico contaminado, el usuario podr\u00eda filtrar accidentalmente el asunto confidencial a un tercero. Si bien esta actualizaci\u00f3n corrige el error y evita la contaminaci\u00f3n futura de mensajes, no repara autom\u00e1ticamente las contaminaciones existentes. Se recomienda a los usuarios que utilicen la funci\u00f3n de reparaci\u00f3n de carpetas, que est\u00e1 disponible en el men\u00fa contextual de las carpetas de correo electr\u00f3nico, que borrar\u00e1 las asignaciones de asuntos incorrectas. Esta vulnerabilidad afecta a Thunderbird &lt; 115.8.1."}], "lastModified": "2025-06-30T12:12:04.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8230BD9-CD98-40C0-AFDC-A439EA6DDA3A", "versionEndExcluding": "115.8.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}