CVE-2018-12365
N/A
N/A
Summary
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Thunderbird | unspecified < 60 | affected |
| Mozilla | Thunderbird | unspecified < 52.9 | affected |
| Mozilla | Firefox ESR | unspecified < 60.1 | affected |
| Mozilla | Firefox ESR | unspecified < 52.9 | affected |
| Mozilla | Firefox | unspecified < 61 | affected |
Weaknesses
- Compromised IPC child process can list local filenames
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201810-01
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://access.redhat.com/errata/RHSA-2018:2112
- https://security.gentoo.org/glsa/201811-13
- https://www.debian.org/security/2018/dsa-4235
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1459206
- https://access.redhat.com/errata/RHSA-2018:2113
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.debian.org/security/2018/dsa-4244
- http://www.securityfocus.com/bid/104560
- http://www.securitytracker.com/id/1041193
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://access.redhat.com/errata/RHSA-2018:2252
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:2251
- https://usn.ubuntu.com/3705-1/
- https://usn.ubuntu.com/3714-1/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
References
- https://security.gentoo.org/glsa/201810-01
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://access.redhat.com/errata/RHSA-2018:2112
- https://security.gentoo.org/glsa/201811-13
- https://www.debian.org/security/2018/dsa-4235
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1459206
- https://access.redhat.com/errata/RHSA-2018:2113
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.debian.org/security/2018/dsa-4244
- http://www.securityfocus.com/bid/104560
- http://www.securitytracker.com/id/1041193
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://access.redhat.com/errata/RHSA-2018:2252
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:2251
- https://usn.ubuntu.com/3705-1/
- https://usn.ubuntu.com/3714-1/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.