CVE-2024-0753: Medium severity thunderbird vulnerability

Q: What is the severity of CVE-2024-0753?

CVE-2024-0753 is considered a moderate severity vulnerability that allows an attacker to bypass HSTS on a subdomain.

Q: How can I mitigate CVE-2024-0753?

To mitigate CVE-2024-0753, update affected software to version 115.7 or later for Mozilla Thunderbird, Firefox, and Firefox ESR.

Q: Which software is affected by CVE-2024-0753?

CVE-2024-0753 affects Mozilla Thunderbird, Firefox, and Firefox ESR versions up to 115.7 and specific Debian packages.

Q: What is HSTS and how does CVE-2024-0753 relate to it?

HTTP Strict Transport Security (HSTS) is a web security policy mechanism and CVE-2024-0753 could allow attackers to bypass this protection on subdomains.

Q: Are there known exploits for CVE-2024-0753?

As of now, there are no public exploits specifically documented for CVE-2024-0753.

Published Jan 23, 2024

Updated

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain.

Affected Software

12 affected componentsFixes available

redhat/firefox<115.7

115.7

redhat/thunderbird<115.7

115.7

Mozilla Thunderbird<115.7

115.7

Mozilla Firefox<122

122

Mozilla Firefox ESR<115.7

115.7

Mozilla Firefox<122.0

Mozilla Firefox ESR<115.7

Mozilla Thunderbird<115.7

Debian Debian Linux=10.0

debian/firefox

137.0.1-1

debian/firefox-esr

115.14.0esr-1~deb11u1128.9.0esr-1~deb11u1128.8.0esr-1~deb12u1128.9.0esr-1~deb12u1128.9.0esr-2

debian/thunderbird

1:115.12.0-1~deb11u11:128.9.0esr-1~deb11u11:128.8.0esr-1~deb12u11:128.9.0esr-1~deb12u11:128.9.0esr-1

Event History

Jan 23, 2024

CVE Published

via Mozilla·12:00 AM

CVE Published

via MITRE·01:48 PM

Data Sourced

via MITRE·01:48 PM

DescriptionWeakness

Data Sourced

via Red Hat·08:55 PM

DescriptionSeverityAffected Software

Feb 14, 2024

Data Sourced

via Launchpad·02:53 PM

Description

Sep 17, 2024

Data Sourced

via Ubuntu·03:30 PM

RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2024-0753?

CVE-2024-0753 is considered a moderate severity vulnerability that allows an attacker to bypass HSTS on a subdomain.

How can I mitigate CVE-2024-0753?

To mitigate CVE-2024-0753, update affected software to version 115.7 or later for Mozilla Thunderbird, Firefox, and Firefox ESR.

Which software is affected by CVE-2024-0753?

CVE-2024-0753 affects Mozilla Thunderbird, Firefox, and Firefox ESR versions up to 115.7 and specific Debian packages.

What is HSTS and how does CVE-2024-0753 relate to it?

HTTP Strict Transport Security (HSTS) is a web security policy mechanism and CVE-2024-0753 could allow attackers to bypass this protection on subdomains.

Are there known exploits for CVE-2024-0753?

As of now, there are no public exploits specifically documented for CVE-2024-0753.

CVE-2024-0753: Medium severity thunderbird vulnerability

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-0753?

How can I mitigate CVE-2024-0753?

Which software is affected by CVE-2024-0753?

What is HSTS and how does CVE-2024-0753 relate to it?

Are there known exploits for CVE-2024-0753?

Company

Resources

Contact