CVE-2018-5162Missing Encryption of Sensitive Data in Mozilla Thunderbird

CWE-311Missing Encryption of Sensitive DataCWE-200Sensitive Information Exposure10 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 24.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Mozilla ThunderbirdMozilla Thunderbird ESRCanonical Ubuntu Linux+7 more
Timeline
PublishedJun 11
Latest updateMay 13

Description

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

CVEListV5mozilla/thunderbirdunspecified52.8
NVDmozilla/thunderbird< 52.8.0
CVEListV5mozilla/thunderbird_esrunspecified52.8
Debianmozilla/thunderbird< 1:52.8.0-1+3

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 7.6, 7.5

🔴Vulnerability Details

3
GHSA
GHSA-644r-rpv6-w4x6: Plaintext of decrypted emails can leak through the src attribute of remote images, or links2022-05-13
CVEList
CVE-2018-5162: Plaintext of decrypted emails can leak through the src attribute of remote images, or links2018-06-11
OSV
CVE-2018-5162: Plaintext of decrypted emails can leak through the src attribute of remote images, or links2018-06-11

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2018-05-25
Red Hat
Mozilla: Encrypted mail leaks plaintext through src attribute2018-05-18
Red Hat
S/MIME: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails2018-05-14
Debian
CVE-2018-5162: thunderbird - Plaintext of decrypted emails can leak through the src attribute of remote image...2018

💬Community

2
Bugzilla
CVE-2018-10908 vdsm: calls to qemu-img are not protected by prlimit/ulimit2018-07-20
Bugzilla
CVE-2018-5162 Mozilla: Encrypted mail leaks plaintext through src attribute2018-05-21
CVE-2018-5162 — Missing Encryption of Sensitive Data | cvebase