Lucene search

[email protected]NVD:CVE-2018-12365

HistoryOct 18, 2018 - 1:29 p.m.

CVE-2018-12365

2018-10-1813:29:02

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

JSON

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Affected configurations

NVD

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10

canonicalubuntu_linuxMatch18.04lts

Node

mozillafirefoxRange<61.0

mozillafirefox_esrRange<52.9

mozillafirefox_esrRange53.0–60.1.0

mozillathunderbirdRange<52.9

mozillathunderbirdRange52.9.1–60.0

References

www.securityfocus.com/bid/104560

www.securitytracker.com/id/1041193

access.redhat.com/errata/RHSA-2018:2112

access.redhat.com/errata/RHSA-2018:2113

access.redhat.com/errata/RHSA-2018:2251

access.redhat.com/errata/RHSA-2018:2252

bugzilla.mozilla.org/show_bug.cgi?id=1459206

lists.debian.org/debian-lts-announce/2018/06/msg00014.html

lists.debian.org/debian-lts-announce/2018/07/msg00013.html

security.gentoo.org/glsa/201810-01

security.gentoo.org/glsa/201811-13

usn.ubuntu.com/3705-1/

usn.ubuntu.com/3714-1/

www.debian.org/security/2018/dsa-4235

www.debian.org/security/2018/dsa-4244

www.mozilla.org/security/advisories/mfsa2018-15/

www.mozilla.org/security/advisories/mfsa2018-16/

www.mozilla.org/security/advisories/mfsa2018-17/

www.mozilla.org/security/advisories/mfsa2018-18/

www.mozilla.org/security/advisories/mfsa2018-19/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

JSON

Related for NVD:CVE-2018-12365

cve1 ubuntucve1 veracode1 prion1 debiancve1 redhatcve1 cvelist1 ibm1 debian4 osv4 openvas35 nessus54 suse8 mageia4 ubuntu3 mozilla5 oraclelinux3 archlinux2 redhat4 amazon1 centos4 altlinux3 kaspersky3 freebsd1 gentoo2