CVE-2018-12372

Summary

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 52.9affected

Weaknesses

  • S/MIME and PGP decryption oracles can be built with HTML emails

ADP Enrichment

CVE Program Container

Additional References

References