CVE-2018-12372 — Sensitive Information Exposure in Mozilla Thunderbird
Severity
6.5MEDIUMNVD
OSV8.8
EPSS
0.8%
top 26.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 18
Latest updateMay 13
Description
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages7 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 6.0, 7.0, 7.5, 7.6
🔴Vulnerability Details
4GHSA▶
GHSA-gfx4-4m6p-57vj: Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward↗2022-05-13
OSV▶
CVE-2018-12372: Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward↗2018-10-18
CVEList▶
CVE-2018-12372: Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward↗2018-10-18