Professional OVAL Repository
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:33400
Version
8
Class
patch
ALTXid
182991
Language
Russian
Severity
Critical
Title
DLA-1425-1 update -- fixes vulnerabilities in thunderbird
Description
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
Family
unix
Platform
Debian 8
Product
thunderbird
Reference
VENDOR: DLA-1425-1
Id:
DLA-1425-1
Reference:
https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201807/msg00013.html
CVE: CVE-2018-5188
Id:
CVE-2018-5188
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5188
Comment
: Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://www.mozilla.org/security/advisories/mfsa2018-19/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-17/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-16/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-15/ (CONFIRM)
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048 (CONFIRM)
DSA-4244 (DEBIAN)
USN-3749-1 (UBUNTU)
USN-3714-1 (UBUNTU)
USN-3705-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
RHSA-2018:2113 (REDHAT)
RHSA-2018:2112 (REDHAT)
104555 (BID)
GLSA-201810-01 (GENTOO)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12359
Id:
CVE-2018-12359
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12359
Comment
: A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://www.mozilla.org/security/advisories/mfsa2018-19/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-17/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-16/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-15/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1459162 (CONFIRM)
DSA-4244 (DEBIAN)
DSA-4235 (DEBIAN)
USN-3714-1 (UBUNTU)
USN-3705-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
RHSA-2018:2113 (REDHAT)
RHSA-2018:2112 (REDHAT)
1041193 (SECTRACK)
104555 (BID)
GLSA-201810-01 (GENTOO)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12360
Id:
CVE-2018-12360
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12360
Comment
: A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://www.mozilla.org/security/advisories/mfsa2018-19/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-17/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-16/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-15/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1459693 (CONFIRM)
DSA-4244 (DEBIAN)
DSA-4235 (DEBIAN)
USN-3714-1 (UBUNTU)
USN-3705-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
RHSA-2018:2113 (REDHAT)
RHSA-2018:2112 (REDHAT)
1041193 (SECTRACK)
104555 (BID)
GLSA-201810-01 (GENTOO)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12362
Id:
CVE-2018-12362
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12362
Comment
: An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://www.mozilla.org/security/advisories/mfsa2018-19/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-17/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-16/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-15/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1452375 (CONFIRM)
DSA-4244 (DEBIAN)
DSA-4235 (DEBIAN)
USN-3714-1 (UBUNTU)
USN-3705-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
RHSA-2018:2113 (REDHAT)
RHSA-2018:2112 (REDHAT)
1041193 (SECTRACK)
104560 (BID)
GLSA-201810-01 (GENTOO)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12363
Id:
CVE-2018-12363
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12363
Comment
: A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://www.mozilla.org/security/advisories/mfsa2018-19/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-17/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-16/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-15/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1464784 (CONFIRM)
DSA-4244 (DEBIAN)
DSA-4235 (DEBIAN)
USN-3714-1 (UBUNTU)
USN-3705-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
RHSA-2018:2113 (REDHAT)
RHSA-2018:2112 (REDHAT)
1041193 (SECTRACK)
104560 (BID)
GLSA-201810-01 (GENTOO)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12364
Id:
CVE-2018-12364
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12364
Comment
: NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
352 (Cross-Site Request Forgery (CSRF))
References:
https://www.mozilla.org/security/advisories/mfsa2018-19/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-17/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-16/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-15/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1436241 (CONFIRM)
DSA-4244 (DEBIAN)
DSA-4235 (DEBIAN)
USN-3714-1 (UBUNTU)
USN-3705-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
RHSA-2018:2113 (REDHAT)
RHSA-2018:2112 (REDHAT)
1041193 (SECTRACK)
104560 (BID)
GLSA-201810-01 (GENTOO)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12365
Id:
CVE-2018-12365
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12365
Comment
: A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://www.mozilla.org/security/advisories/mfsa2018-19/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-17/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-16/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-15/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1459206 (CONFIRM)
DSA-4244 (DEBIAN)
DSA-4235 (DEBIAN)
USN-3714-1 (UBUNTU)
USN-3705-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
RHSA-2018:2113 (REDHAT)
RHSA-2018:2112 (REDHAT)
1041193 (SECTRACK)
104560 (BID)
GLSA-201810-01 (GENTOO)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12366
Id:
CVE-2018-12366
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12366
Comment
: An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://www.mozilla.org/security/advisories/mfsa2018-19/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-17/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-16/ (CONFIRM)
https://www.mozilla.org/security/advisories/mfsa2018-15/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1464039 (CONFIRM)
DSA-4244 (DEBIAN)
DSA-4235 (DEBIAN)
USN-3714-1 (UBUNTU)
USN-3705-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
RHSA-2018:2113 (REDHAT)
RHSA-2018:2112 (REDHAT)
1041193 (SECTRACK)
104560 (BID)
GLSA-201810-01 (GENTOO)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12372
Id:
CVE-2018-12372
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12372
Comment
: Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1419417 (CONFIRM)
DSA-4244 (DEBIAN)
USN-3714-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
104613 (BID)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12373
Id:
CVE-2018-12373
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12373
Comment
: Decrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1464667 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1464056 (CONFIRM)
DSA-4244 (DEBIAN)
USN-3714-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
104613 (BID)
GLSA-201811-13 (GENTOO)
CVE: CVE-2018-12374
Id:
CVE-2018-12374
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12374
Comment
: Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://www.mozilla.org/security/advisories/mfsa2018-18/ (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=1462910 (CONFIRM)
DSA-4244 (DEBIAN)
USN-3714-1 (UBUNTU)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update (MLIST)
RHSA-2018:2252 (REDHAT)
RHSA-2018:2251 (REDHAT)
104613 (BID)
GLSA-201811-13 (GENTOO)