ByteOS Network

NVD Vulnerability Details :

CVE-2018-12365

Analyzed

Source-security@mozilla.org

Published At-18 Oct, 2018 | 13:29

Updated At-21 Oct, 2024 | 13:55

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Red Hat, Inc.

>>enterprise_linux_desktop>>6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>7.0

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>7.6

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.5

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.6

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>7.6

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>7.0

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>9.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Mozilla Corporation

>>firefox>>Versions before 61.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>Versions from 53.0(inclusive) to 60.1.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox_esr>>Versions before 52.9(exclusive)

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>Versions before 52.9(exclusive)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>Versions from 52.9.1(inclusive) to 60.0(exclusive)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/104560	security@mozilla.org	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041193	security@mozilla.org	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2112	security@mozilla.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2113	security@mozilla.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2251	security@mozilla.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2252	security@mozilla.org	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1459206	security@mozilla.org	Issue Tracking Permissions Required Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html	security@mozilla.org	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html	security@mozilla.org	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201810-01	security@mozilla.org	Third Party Advisory
https://security.gentoo.org/glsa/201811-13	security@mozilla.org	Third Party Advisory
https://usn.ubuntu.com/3705-1/	security@mozilla.org	Third Party Advisory
https://usn.ubuntu.com/3714-1/	security@mozilla.org	Third Party Advisory
https://www.debian.org/security/2018/dsa-4235	security@mozilla.org	Third Party Advisory
https://www.debian.org/security/2018/dsa-4244	security@mozilla.org	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-15/	security@mozilla.org	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-16/	security@mozilla.org	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-17/	security@mozilla.org	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-18/	security@mozilla.org	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-19/	security@mozilla.org	Vendor Advisory