CVE-2018-5184

high

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

References

http://www.securityfocus.com/bid/104240

http://www.securitytracker.com/id/1040946

https://access.redhat.com/errata/RHSA-2018:1725

https://access.redhat.com/errata/RHSA-2018:1726

https://bugzilla.mozilla.org/show_bug.cgi?id=1411592

https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3660-1/

https://www.debian.org/security/2018/dsa-4209

https://www.mozilla.org/security/advisories/mfsa2018-13/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2019-03-13

Type: CWE-326

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
127395	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0136)	Nessus	NewStart CGSL Local Security Checks	critical
127208	NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0037)	Nessus	NewStart CGSL Local Security Checks	critical
123171	openSUSE Security Update : Mozilla Thunderbird (openSUSE-2019-364)	Nessus	SuSE Local Security Checks	critical
119133	GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
110449	Amazon Linux 2 : thunderbird (ALAS-2018-1032)	Nessus	Amazon Linux Local Security Checks	critical
110206	CentOS 6 : thunderbird (CESA-2018:1726)	Nessus	CentOS Local Security Checks	critical
110205	CentOS 7 : thunderbird (CESA-2018:1725)	Nessus	CentOS Local Security Checks	critical
110191	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : Thunderbird vulnerabilities (USN-3660-1)	Nessus	Ubuntu Local Security Checks	critical
110158	Debian DLA-1382-1 : thunderbird security update	Nessus	Debian Local Security Checks	critical
110122	Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20180524)	Nessus	Scientific Linux Local Security Checks	critical
110121	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20180524)	Nessus	Scientific Linux Local Security Checks	critical
110120	RHEL 6 : thunderbird (RHSA-2018:1726)	Nessus	Red Hat Local Security Checks	critical
110119	RHEL 7 : thunderbird (RHSA-2018:1725)	Nessus	Red Hat Local Security Checks	critical
110109	Oracle Linux 6 : thunderbird (ELSA-2018-1726)	Nessus	Oracle Linux Local Security Checks	critical
110108	Oracle Linux 7 : thunderbird (ELSA-2018-1725)	Nessus	Oracle Linux Local Security Checks	critical
110101	Debian DSA-4209-1 : thunderbird - security update	Nessus	Debian Local Security Checks	critical
109946	Mozilla Thunderbird < 52.8 Multiple Vulnerabilities (EFAIL)	Nessus	Windows	critical
109935	openSUSE Security Update : Mozilla Thunderbird (openSUSE-2018-486)	Nessus	SuSE Local Security Checks	critical

CVE-2018-5184

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins

critical

critical

critical

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical