Vulnerability-Lookup

CVE-2018-12365 (GCVE-0-2018-12365)

Vulnerability from cvelistv5 – Published: 2018-10-18 13:00 – Updated: 2024-08-05 08:30

Summary

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity ?

No CVSS data available.

CWE

Compromised IPC child process can list local filenames

Assigner

mozilla

References

20 references

URL	Tags
https://security.gentoo.org/glsa/201810-01	vendor-advisoryx_refsource_GENTOO
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2112	vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201811-13	vendor-advisoryx_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4235	vendor-advisoryx_refsource_DEBIAN
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1459206	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2113	vendor-advisoryx_refsource_REDHAT
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://www.debian.org/security/2018/dsa-4244	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/104560	vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041193	vdb-entryx_refsource_SECTRACK
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2252	vendor-advisoryx_refsource_REDHAT
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2251	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3705-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3714-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST

Impacted products

3 products

Vendor	Product	Version
Mozilla	Thunderbird	Affected: unspecified , < 60 (custom) Affected: unspecified , < 52.9 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 60.1 (custom) Affected: unspecified , < 52.9 (custom)
Mozilla	Firefox	Affected: unspecified , < 61 (custom)

Date Public ?

2018-06-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:59.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201810-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
          },
          {
            "name": "RHSA-2018:2112",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2112"
          },
          {
            "name": "GLSA-201811-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-13"
          },
          {
            "name": "DSA-4235",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4235"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459206"
          },
          {
            "name": "RHSA-2018:2113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2113"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
          },
          {
            "name": "DSA-4244",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4244"
          },
          {
            "name": "104560",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104560"
          },
          {
            "name": "1041193",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
          },
          {
            "name": "RHSA-2018:2252",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2252"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
          },
          {
            "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
          },
          {
            "name": "RHSA-2018:2251",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2251"
          },
          {
            "name": "USN-3705-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3705-1/"
          },
          {
            "name": "USN-3714-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3714-1/"
          },
          {
            "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "52.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "52.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "61",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Compromised IPC child process can list local filenames",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "GLSA-201810-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
        },
        {
          "name": "RHSA-2018:2112",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2112"
        },
        {
          "name": "GLSA-201811-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-13"
        },
        {
          "name": "DSA-4235",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4235"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459206"
        },
        {
          "name": "RHSA-2018:2113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2113"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
        },
        {
          "name": "DSA-4244",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4244"
        },
        {
          "name": "104560",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104560"
        },
        {
          "name": "1041193",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
        },
        {
          "name": "RHSA-2018:2252",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2252"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
        },
        {
          "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
        },
        {
          "name": "RHSA-2018:2251",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2251"
        },
        {
          "name": "USN-3705-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3705-1/"
        },
        {
          "name": "USN-3714-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3714-1/"
        },
        {
          "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-12365",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "61"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Compromised IPC child process can list local filenames"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201810-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-01"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
            },
            {
              "name": "RHSA-2018:2112",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2112"
            },
            {
              "name": "GLSA-201811-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-13"
            },
            {
              "name": "DSA-4235",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4235"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-18/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459206",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459206"
            },
            {
              "name": "RHSA-2018:2113",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2113"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
            },
            {
              "name": "DSA-4244",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4244"
            },
            {
              "name": "104560",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104560"
            },
            {
              "name": "1041193",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041193"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
            },
            {
              "name": "RHSA-2018:2252",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2252"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
            },
            {
              "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
            },
            {
              "name": "RHSA-2018:2251",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2251"
            },
            {
              "name": "USN-3705-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3705-1/"
            },
            {
              "name": "USN-3714-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3714-1/"
            },
            {
              "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-12365",
    "datePublished": "2018-10-18T13:00:00.000Z",
    "dateReserved": "2018-06-14T00:00:00.000Z",
    "dateUpdated": "2024-08-05T08:30:59.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-12365",
      "date": "2026-05-19",
      "epss": "0.01951",
      "percentile": "0.83674"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B353CE99-D57C-465B-AAB0-73EF581127D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9070C9D8-A14A-467F-8253-33B966C16886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"61.0\", \"matchCriteriaId\": \"2F47E7EA-86AF-46A8-8E17-3360A8AE8492\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"53.0\", \"versionEndExcluding\": \"60.1.0\", \"matchCriteriaId\": \"C3B8C21C-B987-4585-BE32-7D9CB9FC1C24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"52.9\", \"matchCriteriaId\": \"A6C8C7E3-CDC4-4C30-A98D-CC55BF72A404\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"52.9\", \"matchCriteriaId\": \"B8131415-A73C-42F1-BB3E-E5F09CDD7FC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"52.9.1\", \"versionEndExcluding\": \"60.0\", \"matchCriteriaId\": \"6C153A53-86A9-4EE3-8F40-733F844F371F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.\"}, {\"lang\": \"es\", \"value\": \"Un proceso hijo IPC comprometido puede escapar el sandbox de contenido y listar los nombres de archivos arbitrarios en el sistema de archivos sin consentimiento o interacci\\u00f3n del usuario. Esto podr\\u00eda resultar en la exposici\\u00f3n de archivos locales privados. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60 y la 52.9, Firefox ESR en versiones anteriores a la 60.1 y la 52.9 y Firefox en versiones anteriores a la 61.\"}]",
      "id": "CVE-2018-12365",
      "lastModified": "2024-11-21T03:45:03.753",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-10-18T13:29:02.400",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/104560\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041193\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2112\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2113\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2251\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2252\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1459206\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201810-01\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-13\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3705-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3714-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4235\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4244\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-15/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-16/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-17/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-18/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-19/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104560\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041193\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2112\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2113\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2251\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2252\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1459206\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201810-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3705-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3714-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4244\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-15/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-16/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-17/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-18/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-19/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12365\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-10-18T13:29:02.400\",\"lastModified\":\"2024-11-21T03:45:03.753\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.\"},{\"lang\":\"es\",\"value\":\"Un proceso hijo IPC comprometido puede escapar el sandbox de contenido y listar los nombres de archivos arbitrarios en el sistema de archivos sin consentimiento o interacci\u00f3n del usuario. Esto podr\u00eda resultar en la exposici\u00f3n de archivos locales privados. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60 y la 52.9, Firefox ESR en versiones anteriores a la 60.1 y la 52.9 y Firefox en versiones anteriores a la 61.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"61.0\",\"matchCriteriaId\":\"2F47E7EA-86AF-46A8-8E17-3360A8AE8492\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"53.0\",\"versionEndExcluding\":\"60.1.0\",\"matchCriteriaId\":\"C3B8C21C-B987-4585-BE32-7D9CB9FC1C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.9\",\"matchCriteriaId\":\"A6C8C7E3-CDC4-4C30-A98D-CC55BF72A404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.9\",\"matchCriteriaId\":\"B8131415-A73C-42F1-BB3E-E5F09CDD7FC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"52.9.1\",\"versionEndExcluding\":\"60.0\",\"matchCriteriaId\":\"6C153A53-86A9-4EE3-8F40-733F844F371F\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104560\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041193\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2112\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2113\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2251\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2252\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1459206\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-01\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3705-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3714-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4235\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4244\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-15/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-16/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-17/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-18/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-19/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104560\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1459206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3705-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3714-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-15/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-16/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-17/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-18/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-19/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-309

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox	Firefox toutes versions antérieures à 61
Mozilla	Firefox	Firefox ESR toutes versions antérieures à 52.9
Mozilla	Firefox	Firefox ESR toutes versions antérieures à 60.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-17 du 26 juin 2018	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2018-16 du 26 juin 2018	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2018-15 du 26 juin 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox toutes versions ant\u00e9rieures \u00e0 61",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR toutes versions ant\u00e9rieures \u00e0 52.9",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR toutes versions ant\u00e9rieures \u00e0 60.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12367"
    },
    {
      "name": "CVE-2018-12371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12371"
    },
    {
      "name": "CVE-2018-5186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5186"
    },
    {
      "name": "CVE-2018-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
    },
    {
      "name": "CVE-2018-12359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
    },
    {
      "name": "CVE-2018-12361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12361"
    },
    {
      "name": "CVE-2018-12358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12358"
    },
    {
      "name": "CVE-2018-12360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
    },
    {
      "name": "CVE-2018-5187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5187"
    },
    {
      "name": "CVE-2018-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5156"
    },
    {
      "name": "CVE-2018-12370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12370"
    },
    {
      "name": "CVE-2018-12364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
    },
    {
      "name": "CVE-2018-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
    },
    {
      "name": "CVE-2018-12363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
    },
    {
      "name": "CVE-2018-12368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
    },
    {
      "name": "CVE-2018-12365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
    },
    {
      "name": "CVE-2018-12366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
    },
    {
      "name": "CVE-2018-12369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12369"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-309",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-17 du 26 juin 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-16 du 26 juin 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-15 du 26 juin 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/"
    }
  ]
}

CERTFR-2018-AVI-322

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de requêtes illégitimes par rebond (CSRF).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 52.9

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-18 du 03 juillet 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 52.9",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12374"
    },
    {
      "name": "CVE-2018-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
    },
    {
      "name": "CVE-2018-12359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
    },
    {
      "name": "CVE-2018-12373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12373"
    },
    {
      "name": "CVE-2018-12360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
    },
    {
      "name": "CVE-2018-12372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12372"
    },
    {
      "name": "CVE-2018-12364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
    },
    {
      "name": "CVE-2018-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
    },
    {
      "name": "CVE-2018-12363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
    },
    {
      "name": "CVE-2018-12368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
    },
    {
      "name": "CVE-2018-12365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
    },
    {
      "name": "CVE-2018-12366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-322",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-07-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-18 du 03 juillet 2018",
      "url": "http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/"
    }
  ]
}

CERTFR-2018-AVI-373

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 60

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-19 du 06 août 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 60",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12367"
    },
    {
      "name": "CVE-2018-12371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12371"
    },
    {
      "name": "CVE-2018-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
    },
    {
      "name": "CVE-2018-12359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
    },
    {
      "name": "CVE-2018-12361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12361"
    },
    {
      "name": "CVE-2018-12360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
    },
    {
      "name": "CVE-2018-5187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5187"
    },
    {
      "name": "CVE-2018-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5156"
    },
    {
      "name": "CVE-2018-12364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
    },
    {
      "name": "CVE-2018-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
    },
    {
      "name": "CVE-2018-12363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
    },
    {
      "name": "CVE-2018-12368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
    },
    {
      "name": "CVE-2018-12365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
    },
    {
      "name": "CVE-2018-12366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-373",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-19 du 06 ao\u00fbt 2018",
      "url": "http://www.mozilla.org/en-US/security/advisories/mfsa2018-19/"
    }
  ]
}

CERTFR-2018-AVI-309

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox	Firefox toutes versions antérieures à 61
Mozilla	Firefox	Firefox ESR toutes versions antérieures à 52.9
Mozilla	Firefox	Firefox ESR toutes versions antérieures à 60.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-17 du 26 juin 2018	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2018-16 du 26 juin 2018	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2018-15 du 26 juin 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox toutes versions ant\u00e9rieures \u00e0 61",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR toutes versions ant\u00e9rieures \u00e0 52.9",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR toutes versions ant\u00e9rieures \u00e0 60.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12367"
    },
    {
      "name": "CVE-2018-12371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12371"
    },
    {
      "name": "CVE-2018-5186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5186"
    },
    {
      "name": "CVE-2018-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
    },
    {
      "name": "CVE-2018-12359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
    },
    {
      "name": "CVE-2018-12361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12361"
    },
    {
      "name": "CVE-2018-12358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12358"
    },
    {
      "name": "CVE-2018-12360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
    },
    {
      "name": "CVE-2018-5187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5187"
    },
    {
      "name": "CVE-2018-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5156"
    },
    {
      "name": "CVE-2018-12370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12370"
    },
    {
      "name": "CVE-2018-12364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
    },
    {
      "name": "CVE-2018-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
    },
    {
      "name": "CVE-2018-12363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
    },
    {
      "name": "CVE-2018-12368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
    },
    {
      "name": "CVE-2018-12365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
    },
    {
      "name": "CVE-2018-12366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
    },
    {
      "name": "CVE-2018-12369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12369"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-309",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-17 du 26 juin 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-16 du 26 juin 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-15 du 26 juin 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/"
    }
  ]
}

CERTFR-2018-AVI-322

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 52.9

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-18 du 03 juillet 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 52.9",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12374"
    },
    {
      "name": "CVE-2018-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
    },
    {
      "name": "CVE-2018-12359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
    },
    {
      "name": "CVE-2018-12373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12373"
    },
    {
      "name": "CVE-2018-12360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
    },
    {
      "name": "CVE-2018-12372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12372"
    },
    {
      "name": "CVE-2018-12364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
    },
    {
      "name": "CVE-2018-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
    },
    {
      "name": "CVE-2018-12363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
    },
    {
      "name": "CVE-2018-12368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
    },
    {
      "name": "CVE-2018-12365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
    },
    {
      "name": "CVE-2018-12366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-322",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-07-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-18 du 03 juillet 2018",
      "url": "http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/"
    }
  ]
}

CERTFR-2018-AVI-373

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 60

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-19 du 06 août 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 60",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12367"
    },
    {
      "name": "CVE-2018-12371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12371"
    },
    {
      "name": "CVE-2018-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
    },
    {
      "name": "CVE-2018-12359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
    },
    {
      "name": "CVE-2018-12361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12361"
    },
    {
      "name": "CVE-2018-12360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
    },
    {
      "name": "CVE-2018-5187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5187"
    },
    {
      "name": "CVE-2018-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5156"
    },
    {
      "name": "CVE-2018-12364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
    },
    {
      "name": "CVE-2018-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
    },
    {
      "name": "CVE-2018-12363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
    },
    {
      "name": "CVE-2018-12368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
    },
    {
      "name": "CVE-2018-12365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
    },
    {
      "name": "CVE-2018-12366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-373",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-19 du 06 ao\u00fbt 2018",
      "url": "http://www.mozilla.org/en-US/security/advisories/mfsa2018-19/"
    }
  ]
}

BDU:2019-03467

Vulnerability from fstec - Published: 26.06.2018

Title

Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с ошибками межпроцессного взаимодействия (IPC), позволяющая нарушителю раскрыть защищаемую информацию

Description

Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird связана с ошибками межпроцессного взаимодействия (IPC). Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть защищаемую информацию

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vendor

Canonical Ltd., Red Hat Inc., АО «ИВК», Сообщество свободного программного обеспечения, Novell Inc., ООО «РусБИТех-Астра», Mozilla Corp.

Software Name

Ubuntu, Red Hat Enterprise Linux, Альт Линукс СПТ (запись в едином реестре российских программ №9), Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП Сервер, Альт 8 СП Рабочая станция, Firefox, Firefox ESR, Thunderbird, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156)

Software Version

14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (Альт Линукс СПТ), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), - (Альт 8 СП Сервер), - (Альт 8 СП Рабочая станция), 15.0 (OpenSUSE Leap), 8 (Debian GNU/Linux), до 61 (Firefox), до 52.9 (Firefox ESR), до 52.9 (Thunderbird), от 52.9.1 до 60.0 (Thunderbird), от 53.0 до 60.1.0 (Firefox ESR), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»)

Possible Mitigations

Использование рекомендаций: Для продуктов Mozilla: https://www.mozilla.org/security/advisories/mfsa2018-15/ https://www.mozilla.org/security/advisories/mfsa2018-16/ https://www.mozilla.org/security/advisories/mfsa2018-17/ https://www.mozilla.org/security/advisories/mfsa2018-18/ https://www.mozilla.org/security/advisories/mfsa2018-19/ Для продуктов Debian: https://www.debian.org/security/2018/dsa-4244 https://www.debian.org/security/2018/dsa-4235 https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html Для продуктов Ubuntu: https://usn.ubuntu.com/3714-1/ https://usn.ubuntu.com/3705-1/ Для продуктов Альт Линукс: https://cve.basealt.ru/ Для Astra Linux: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 Для OpenSUSE: https://www.suse.com/security/cve/CVE-2018-12365/ Для продуктов Red Hat: https://access.redhat.com/security/cve/CVE-2018-12365

Reference

https://www.mozilla.org/security/advisories/mfsa2018-15/ https://www.mozilla.org/security/advisories/mfsa2018-16/ https://www.mozilla.org/security/advisories/mfsa2018-17/ https://www.mozilla.org/security/advisories/mfsa2018-18/ https://www.mozilla.org/security/advisories/mfsa2018-19/ https://usn.ubuntu.com/3705-1/ https://usn.ubuntu.com/3714-1/ https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html https://cve.basealt.ru/otchet-po-obnovleniiam-ot-08072019.html https://cve.basealt.ru/otchet-po-obnovleniiam-ot-31072019.html https://access.redhat.com/security/cve/cve-2018-12365 https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81

CWE

CWE-200, CWE-552

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Mozilla Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (\u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f), 15.0 (OpenSUSE Leap), 8 (Debian GNU/Linux), \u0434\u043e 61 (Firefox), \u0434\u043e 52.9 (Firefox ESR), \u0434\u043e 52.9 (Thunderbird), \u043e\u0442 52.9.1 \u0434\u043e 60.0 (Thunderbird), \u043e\u0442 53.0 \u0434\u043e 60.1.0 (Firefox ESR), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla:\nhttps://www.mozilla.org/security/advisories/mfsa2018-15/\nhttps://www.mozilla.org/security/advisories/mfsa2018-16/\nhttps://www.mozilla.org/security/advisories/mfsa2018-17/\nhttps://www.mozilla.org/security/advisories/mfsa2018-18/\nhttps://www.mozilla.org/security/advisories/mfsa2018-19/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Debian:\nhttps://www.debian.org/security/2018/dsa-4244\nhttps://www.debian.org/security/2018/dsa-4235\nhttps://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\nhttps://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Ubuntu:\nhttps://usn.ubuntu.com/3714-1/\nhttps://usn.ubuntu.com/3705-1/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441:\nhttps://cve.basealt.ru/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f OpenSUSE:\nhttps://www.suse.com/security/cve/CVE-2018-12365/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat:\nhttps://access.redhat.com/security/cve/CVE-2018-12365",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.06.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.12.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.10.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-03467",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-12365",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440, \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f, Firefox, Firefox ESR, Thunderbird, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 7.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 17.10 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440 - , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f - , Novell Inc. OpenSUSE Leap 15.0 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox \u0438 Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043c\u0435\u0436\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043d\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f (IPC), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u0424\u0430\u0439\u043b\u044b \u0438 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0432\u043d\u0435\u0448\u043d\u0438\u043c \u0441\u0442\u043e\u0440\u043e\u043d\u0430\u043c (CWE-552)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox \u0438 Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043c\u0435\u0436\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043d\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f (IPC). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.mozilla.org/security/advisories/mfsa2018-15/\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-16/\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-17/\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-18/\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-19/\n\nhttps://usn.ubuntu.com/3705-1/\n\nhttps://usn.ubuntu.com/3714-1/\n\nhttps://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\n\nhttps://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\n\nhttps://cve.basealt.ru/otchet-po-obnovleniiam-ot-08072019.html\n\nhttps://cve.basealt.ru/otchet-po-obnovleniiam-ot-31072019.html\n\nhttps://access.redhat.com/security/cve/cve-2018-12365\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200, CWE-552",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CNVD-2018-13964

Vulnerability from cnvd - Published: 2018-07-25

Title

Mozilla Firefox信息泄露漏洞（CNVD-2018-13964）

Description

Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器；Firefox ESR是Firefox的一个延长支持版本。 Mozilla Firefox 61之前版本、Firefox ESR 52.9之前版本和60.1之前版本中存在安全漏洞。攻击者可借助被控制的IPC子进程利用该漏洞列出本地文件名，泄露私人的本地文件。

Severity

中

Patch Name

Mozilla Firefox信息泄露漏洞（CNVD-2018-13964）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/

Reference

https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/

Impacted products

Name
['Mozilla Firefox <61', 'Mozilla Firefox ESR <52.9', 'Mozilla Firefox ESR <60.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104560"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12365"
    }
  },
  "description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 61\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 52.9\u4e4b\u524d\u7248\u672c\u548c60.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u88ab\u63a7\u5236\u7684IPC\u5b50\u8fdb\u7a0b\u5229\u7528\u8be5\u6f0f\u6d1e\u5217\u51fa\u672c\u5730\u6587\u4ef6\u540d\uff0c\u6cc4\u9732\u79c1\u4eba\u7684\u672c\u5730\u6587\u4ef6\u3002",
  "discovererName": "F. Alonso (revskills), Nils, David Black, Alex Gaynor, OSS-Fuzz, Abdulrahman Alqabandi",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-15/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-13964",
  "openTime": "2018-07-25",
  "patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 61\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 52.9\u4e4b\u524d\u7248\u672c\u548c60.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u88ab\u63a7\u5236\u7684IPC\u5b50\u8fdb\u7a0b\u5229\u7528\u8be5\u6f0f\u6d1e\u5217\u51fa\u672c\u5730\u6587\u4ef6\u540d\uff0c\u6cc4\u9732\u79c1\u4eba\u7684\u672c\u5730\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-13964\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c61",
      "Mozilla Firefox ESR \u003c52.9",
      "Mozilla Firefox ESR \u003c60.1"
    ]
  },
  "referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-28",
  "title": "Mozilla Firefox\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-13964\uff09"
}

FKIE_CVE-2018-12365

Vulnerability from fkie_nvd - Published: 2018-10-18 13:29 - Updated: 2024-11-21 03:45

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@mozilla.org	http://www.securityfocus.com/bid/104560	Third Party Advisory, VDB Entry
security@mozilla.org	http://www.securitytracker.com/id/1041193	Third Party Advisory, VDB Entry
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:2112	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:2113	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:2251	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:2252	Third Party Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1459206	Issue Tracking, Permissions Required, Vendor Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html	Mailing List, Third Party Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html	Mailing List, Third Party Advisory
security@mozilla.org	https://security.gentoo.org/glsa/201810-01	Third Party Advisory
security@mozilla.org	https://security.gentoo.org/glsa/201811-13	Third Party Advisory
security@mozilla.org	https://usn.ubuntu.com/3705-1/	Third Party Advisory
security@mozilla.org	https://usn.ubuntu.com/3714-1/	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2018/dsa-4235	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2018/dsa-4244	Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-15/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-16/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-17/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-18/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-19/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104560	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041193	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2112	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2113	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2251	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2252	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1459206	Issue Tracking, Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201810-01	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-13	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3705-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3714-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4235	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4244	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-15/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-16/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-17/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-18/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-19/	Vendor Advisory

Impacted products

Vendor	Product	Version
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_eus	7.5
redhat	enterprise_linux_server_eus	7.6
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10
canonical	ubuntu_linux	18.04
mozilla	firefox	*
mozilla	firefox	*
mozilla	firefox_esr	*
mozilla	thunderbird	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F47E7EA-86AF-46A8-8E17-3360A8AE8492",
              "versionEndExcluding": "61.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B8C21C-B987-4585-BE32-7D9CB9FC1C24",
              "versionEndExcluding": "60.1.0",
              "versionStartIncluding": "53.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C8C7E3-CDC4-4C30-A98D-CC55BF72A404",
              "versionEndExcluding": "52.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8131415-A73C-42F1-BB3E-E5F09CDD7FC4",
              "versionEndExcluding": "52.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C153A53-86A9-4EE3-8F40-733F844F371F",
              "versionEndExcluding": "60.0",
              "versionStartIncluding": "52.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
    },
    {
      "lang": "es",
      "value": "Un proceso hijo IPC comprometido puede escapar el sandbox de contenido y listar los nombres de archivos arbitrarios en el sistema de archivos sin consentimiento o interacci\u00f3n del usuario. Esto podr\u00eda resultar en la exposici\u00f3n de archivos locales privados. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60 y la 52.9, Firefox ESR en versiones anteriores a la 60.1 y la 52.9 y Firefox en versiones anteriores a la 61."
    }
  ],
  "id": "CVE-2018-12365",
  "lastModified": "2024-11-21T03:45:03.753",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-18T13:29:02.400",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104560"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041193"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2112"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2113"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2251"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2252"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459206"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201810-01"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201811-13"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3705-1/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3714-1/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4235"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4244"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201810-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201811-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3705-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3714-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-M35P-3HFP-7XR6

Vulnerability from github – Published: 2022-05-14 01:54 – Updated: 2024-10-21 15:32

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-12365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-18T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
  "id": "GHSA-m35p-3hfp-7xr6",
  "modified": "2024-10-21T15:32:21Z",
  "published": "2022-05-14T01:54:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12365"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-19"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-18"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-17"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-16"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-15"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4244"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4235"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3714-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3705-1"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201811-13"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-01"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459206"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2252"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2251"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2113"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2112"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104560"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041193"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-12365 (GCVE-0-2018-12365)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature