The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
                
Advisories
| Source | ID | Title |
|---|---|---|
| Debian DLA | DLA-3769-1 | thunderbird security update |
| Debian DSA | DSA-5644-1 | thunderbird security update |
| Ubuntu USN | USN-6669-1 | Thunderbird vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
History
Mon, 30 Jun 2025 12:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Debian Debian debian Linux | |
| CPEs | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
| Vendors & Products | Debian Debian debian Linux | |
Tue, 26 Nov 2024 14:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Mozilla Mozilla thunderbird | |
| CPEs | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | |
| Vendors & Products | Mozilla Mozilla thunderbird | |
| Metrics | ssvc | |
Tue, 26 Nov 2024 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1. | The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1. | 
Thu, 08 Aug 2024 22:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-922 | |
MITRE
Status: PUBLISHED
Assigner: mozilla
Published:
Updated: 2024-11-26T13:34:08.344Z
Reserved: 2024-02-27T15:09:51.732Z
Link: CVE-2024-1936
Vulnrichment
Updated: 2024-08-01T18:56:22.343Z
NVD
Status: Analyzed
Published: 2024-03-04T22:15:46.733
Modified: 2025-06-30T12:12:04.080
Link: CVE-2024-1936
Redhat
OpenCVE Enrichment
No data.