Bug 2268171 (CVE-2024-1936)
| Summary: | CVE-2024-1936 Mozilla: Leaking of encrypted email subjects to other conversations | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abobrov, erack, gotiwari, jhorak, mvyas, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | thunderbird 115.8.1 | Doc Type: | --- |
| Doc Text: |
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2268154 | ||
|
Description
Mauro Matteo Cascella
2024-03-06 13:29:36 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:1499 https://access.redhat.com/errata/RHSA-2024:1499 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1493 https://access.redhat.com/errata/RHSA-2024:1493 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1495 https://access.redhat.com/errata/RHSA-2024:1495 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:1498 https://access.redhat.com/errata/RHSA-2024:1498 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1494 https://access.redhat.com/errata/RHSA-2024:1494 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1492 https://access.redhat.com/errata/RHSA-2024:1492 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1496 https://access.redhat.com/errata/RHSA-2024:1496 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:1497 https://access.redhat.com/errata/RHSA-2024:1497 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2024:1500 https://access.redhat.com/errata/RHSA-2024:1500 |