Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-12365

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Related bugs and status

CVE-2018-12365 (Candidate) is related to these bugs:

Bug #1791477: Thunderbird Multiple Security Vulnerabilities

Summary				In	Importance	Status
	1791477	Thunderbird Multiple Security Vulnerabilities		thunderbird (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.mozil...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
MLIST: [debian-lts-announce] ...
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-4235
DEBIAN: DSA-4244
REDHAT: RHSA-2018:2112
REDHAT: RHSA-2018:2113
REDHAT: RHSA-2018:2251
REDHAT: RHSA-2018:2252
UBUNTU: USN-3705-1
UBUNTU: USN-3714-1
BID: 104560
SECTRACK: 1041193
GENTOO: GLSA-201810-01
GENTOO: GLSA-201811-13