CVE-2018-12373 — Sensitive Information Exposure in Mozilla Thunderbird
Severity
6.5MEDIUMNVD
OSV8.8
EPSS
1.1%
top 21.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 18
Latest updateMay 13
Description
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages7 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 6.0, 7.0, 7.5, 7.6
🔴Vulnerability Details
4GHSA▶
GHSA-6x9p-vcwr-3q9w: dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward↗2022-05-13
OSV▶
CVE-2018-12373: dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward↗2018-10-18
CVEList▶
CVE-2018-12373: dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward↗2018-10-18