CVE-2018-12365
The MITRE CVE dictionary describes this issue as:
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Find out more about CVE-2018-12365 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 6.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (firefox) | RHSA-2018:2113 | 2018-06-28 |
| Red Hat Enterprise Linux 7 (thunderbird) | RHSA-2018:2252 | 2018-07-24 |
| Red Hat Enterprise Linux 6 (thunderbird) | RHSA-2018:2251 | 2018-07-24 |
| Red Hat Enterprise Linux 6 (firefox) | RHSA-2018:2112 | 2018-06-28 |
Acknowledgements
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor as the original reporter.External References
CVE description copyright © 2017, The MITRE Corporation