vulnerability
Oracle Linux: CVE-2023-4580: ELSA-2023-4945: thunderbird security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Aug 29, 2023 | May 21, 2024 | Dec 3, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Aug 29, 2023
Added
May 21, 2024
Modified
Dec 3, 2025
Description
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
The Mozilla Foundation Security Advisory describes this flaw as:
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
The Mozilla Foundation Security Advisory describes this flaw as:
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
Solutions
oracle-linux-upgrade-firefoxoracle-linux-upgrade-firefox-x11oracle-linux-upgrade-thunderbird
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.