SUSE update for MozillaThunderbird
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2024-7519 CVE-2024-7521 CVE-2024-7522 CVE-2024-7525 CVE-2024-7526 CVE-2024-7527 CVE-2024-7529 |
| CWE-ID | CWE-125 CWE-416 CWE-264 CWE-908 CWE-450 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Workstation Extension 15 Operating systems & Components / Operating system SUSE Package Hub 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 SP4 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system MozillaThunderbird-debuginfo Operating systems & Components / Operating system package or component MozillaThunderbird-debugsource Operating systems & Components / Operating system package or component MozillaThunderbird-translations-common Operating systems & Components / Operating system package or component MozillaThunderbird-translations-other Operating systems & Components / Operating system package or component MozillaThunderbird Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU95422
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-7519
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error when processing
graphics shared memory. A remote attacker can create a specially crafted
website, trick the victim into opening it, trigger an out-of-bounds read and bypass browser sandbox.
Update the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP5 - SP6
SUSE Package Hub 15: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
MozillaThunderbird-debuginfo: before 115.14.0-150200.8.174.1
MozillaThunderbird-debugsource: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-common: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-other: before 115.14.0-150200.8.174.1
MozillaThunderbird: before 115.14.0-150200.8.174.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15_sp4_ltss:15-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243112-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU95424
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-7521
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebAssembly. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP5 - SP6
SUSE Package Hub 15: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
MozillaThunderbird-debuginfo: before 115.14.0-150200.8.174.1
MozillaThunderbird-debugsource: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-common: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-other: before 115.14.0-150200.8.174.1
MozillaThunderbird: before 115.14.0-150200.8.174.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15_sp4_ltss:15-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243112-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU95431
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-7522
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in editor component. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read and bypass browser sandbox.
Update the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP5 - SP6
SUSE Package Hub 15: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
MozillaThunderbird-debuginfo: before 115.14.0-150200.8.174.1
MozillaThunderbird-debugsource: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-common: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-other: before 115.14.0-150200.8.174.1
MozillaThunderbird: before 115.14.0-150200.8.174.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15_sp4_ltss:15-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243112-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU95495
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7525
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due missing permission check when creating a StreamFilter. A web extension with minimal permissions can create a StreamFilter, which can be used to read and modify the response body of requests on any site.
Update the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP5 - SP6
SUSE Package Hub 15: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
MozillaThunderbird-debuginfo: before 115.14.0-150200.8.174.1
MozillaThunderbird-debugsource: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-common: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-other: before 115.14.0-150200.8.174.1
MozillaThunderbird: before 115.14.0-150200.8.174.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15_sp4_ltss:15-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243112-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of uninitialized resource
EUVDB-ID: #VU95496
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7526
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in WebGL ANGLE. A remote attacker can trick the victim to visit a specially crafted website and gain access to sensitive information.
Update the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP5 - SP6
SUSE Package Hub 15: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
MozillaThunderbird-debuginfo: before 115.14.0-150200.8.174.1
MozillaThunderbird-debugsource: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-common: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-other: before 115.14.0-150200.8.174.1
MozillaThunderbird: before 115.14.0-150200.8.174.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15_sp4_ltss:15-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243112-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU95497
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-7527
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in JavaScript garbage collection. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP5 - SP6
SUSE Package Hub 15: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
MozillaThunderbird-debuginfo: before 115.14.0-150200.8.174.1
MozillaThunderbird-debugsource: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-common: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-other: before 115.14.0-150200.8.174.1
MozillaThunderbird: before 115.14.0-150200.8.174.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15_sp4_ltss:15-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243112-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Multiple Interpretations of UI Input
EUVDB-ID: #VU95500
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7529
CWE-ID:
CWE-450 - Multiple Interpretations of UI Input
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exist due to improper handling of the date picker, which can obscure security prompts. A remote attacker use a malicious site to trick a victim into granting permissions.
MitigationUpdate the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP5 - SP6
SUSE Package Hub 15: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
MozillaThunderbird-debuginfo: before 115.14.0-150200.8.174.1
MozillaThunderbird-debugsource: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-common: before 115.14.0-150200.8.174.1
MozillaThunderbird-translations-other: before 115.14.0-150200.8.174.1
MozillaThunderbird: before 115.14.0-150200.8.174.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15_sp4_ltss:15-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243112-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
