Vulnerability CVE-2018-12374: Information
Description
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
thunderbird | sisyphus | 52.9.0-alt1 | 115.9.0-alt1 | ALT-PU-2018-1978-1 | 209483 | Fixed |
thunderbird | p10 | 52.9.0-alt1 | 115.9.0-alt1 | ALT-PU-2018-1978-1 | 209483 | Fixed |
thunderbird | p9 | 52.9.0-alt1 | 102.11.0-alt0.c9.1 | ALT-PU-2018-1978-1 | 209483 | Fixed |
thunderbird | p8 | 52.9.0-alt0.M80P.1 | 60.8.0-alt0.M80P.1 | ALT-PU-2018-1988-1 | 209501 | Fixed |
thunderbird | c10f1 | 52.9.0-alt1 | 115.9.0-alt0.c10.1 | ALT-PU-2018-1978-1 | 209483 | Fixed |
thunderbird | c9f2 | 52.9.0-alt1 | 102.11.0-alt0.c9.1 | ALT-PU-2018-1978-1 | 209483 | Fixed |
thunderbird | c7 | 60.8.0-alt0.M70C.1 | 60.8.0-alt0.M70C.1 | ALT-PU-2019-2345-1 | 234994 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2018-18/ |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1462910 |
|
DSA-4244 |
|
USN-3714-1 |
|
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update |
|
RHSA-2018:2252 |
|
RHSA-2018:2251 |
|
104613 |
|
GLSA-201811-13 |
|