CVE-2024-11700 Affecting thunderbird package, versions *


Severity

Recommended
medium

Based on Ubuntu security rating.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU2204-THUNDERBIRD-8421886
  • published27 Nov 2024
  • disclosed26 Nov 2024

Introduced: 26 Nov 2024

NewCVE-2024-11700  (opens in a new tab)
First added by Snyk

How to fix?

There is no fixed version for Ubuntu:22.04 thunderbird.

NVD Description

Note: Versions mentioned in the description apply only to the upstream thunderbird package and not the thunderbird package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.

CVSS Scores

version 3.1