CVE-2018-12374

medium

Description

Plaintext of decrypted emails can leak when a user submits an embedded form by pressing the Enter key within a text input field. This vulnerability affects Thunderbird < 52.9.

References

http://www.securityfocus.com/bid/104613

https://access.redhat.com/errata/RHSA-2018:2251

https://access.redhat.com/errata/RHSA-2018:2252

https://bugzilla.mozilla.org/show_bug.cgi?id=1462910

https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3714-1/

https://www.debian.org/security/2018/dsa-4244

https://www.mozilla.org/security/advisories/mfsa2018-18/

Details

Source: MITRE

Published: 2018-10-18

Updated: 2019-10-03

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127413 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0145) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127208 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0037) | Nessus | NewStart CGSL Local Security Checks | critical |
| 123208 | openSUSE Security Update : Mozilla Thunderbird (openSUSE-2019-503) | Nessus | SuSE Local Security Checks | critical |
| 119133 | GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 112086 | Amazon Linux 2 : thunderbird (ALAS-2018-1061) | Nessus | Amazon Linux Local Security Checks | critical |
| 111356 | CentOS 6 : thunderbird (CESA-2018:2251) | Nessus | CentOS Local Security Checks | critical |
| 111344 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20180725) | Nessus | Scientific Linux Local Security Checks | critical |
| 111343 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20180725) | Nessus | Scientific Linux Local Security Checks | critical |
| 111341 | CentOS 7 : thunderbird (CESA-2018:2252) | Nessus | CentOS Local Security Checks | critical |
| 111323 | RHEL 7 : thunderbird (RHSA-2018:2252) | Nessus | Red Hat Local Security Checks | critical |
| 111322 | RHEL 6 : thunderbird (RHSA-2018:2251) | Nessus | Red Hat Local Security Checks | critical |
| 111320 | Oracle Linux 7 : thunderbird (ELSA-2018-2252) | Nessus | Oracle Linux Local Security Checks | critical |
| 111319 | Oracle Linux 6 : thunderbird (ELSA-2018-2251) | Nessus | Oracle Linux Local Security Checks | critical |
| 111087 | Debian DSA-4244-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical |
| 111083 | Debian DLA-1425-1 : thunderbird security update | Nessus | Debian Local Security Checks | critical |
| 111060 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : Thunderbird vulnerabilities (USN-3714-1) | Nessus | Ubuntu Local Security Checks | critical |
| 111044 | Mozilla Thunderbird < 52.9 Multiple Vulnerabilities | Nessus | Windows | high |
| 111043 | Mozilla Thunderbird < 52.9 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | high |
| 110959 | openSUSE Security Update : Mozilla Thunderbird (openSUSE-2018-701) | Nessus | SuSE Local Security Checks | critical |