CVE-2018-12374 — Sensitive Information Exposure in Mozilla Thunderbird
Severity
4.3 MEDIUM (NVD)
8.8 (OSV)
EPSS
0.8%
top 26.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 18
Latest update: May 13
Description
Plaintext of decrypted emails can leak when a user submits an embedded form by pressing the Enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4
Affected Packages: 7 packages
Also affects: Enterprise Linux 6.0, 7.0, 7.5, 7.6, Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04
Patches
Vulnerability Details (4)
GHSA
GHSA-x5qf-xh29-8vm2: Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field (2022-05-13)
OSV
CVE-2018-12374: Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field (2018-10-18)
CVEList
CVE-2018-12374: Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field (2018-10-18)
Vendor Advisories (3)
Community (3)
Bugzilla
CVE-2018-12374 thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field [fedora-all] (2018-07-05)
Bugzilla
CVE-2018-12374 thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field (2018-07-05)
Bugzilla
CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.3 (2018-01-29)