2018-06-14 10:04:14 -04:00
{
2019-03-18 02:13:24 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org" ,
"ID" : "CVE-2018-12365" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird" ,
"version" : {
"version_data" : [
{
"version_affected" : "<" ,
"version_value" : "60"
} ,
{
"version_affected" : "<" ,
"version_value" : "52.9"
}
]
}
} ,
{
"product_name" : "Firefox ESR" ,
"version" : {
"version_data" : [
{
"version_affected" : "<" ,
"version_value" : "60.1"
} ,
{
"version_affected" : "<" ,
"version_value" : "52.9"
}
]
}
} ,
{
"product_name" : "Firefox" ,
"version" : {
"version_data" : [
{
"version_affected" : "<" ,
"version_value" : "61"
}
]
}
}
]
} ,
"vendor_name" : "Mozilla"
}
2018-10-18 08:32:12 -04:00
]
2019-03-18 02:13:24 +00:00
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Compromised IPC child process can list local filenames"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "GLSA-201810-01" ,
"refsource" : "GENTOO" ,
"url" : "https://security.gentoo.org/glsa/201810-01"
} ,
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-15/" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-15/"
} ,
{
"name" : "RHSA-2018:2112" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:2112"
} ,
{
"name" : "GLSA-201811-13" ,
"refsource" : "GENTOO" ,
"url" : "https://security.gentoo.org/glsa/201811-13"
} ,
{
"name" : "DSA-4235" ,
"refsource" : "DEBIAN" ,
"url" : "https://www.debian.org/security/2018/dsa-4235"
} ,
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-18/" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-18/"
} ,
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1459206" ,
"refsource" : "CONFIRM" ,
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1459206"
} ,
{
"name" : "RHSA-2018:2113" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:2113"
} ,
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-16/" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-16/"
} ,
{
"name" : "DSA-4244" ,
"refsource" : "DEBIAN" ,
"url" : "https://www.debian.org/security/2018/dsa-4244"
} ,
{
"name" : "104560" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/104560"
} ,
{
"name" : "1041193" ,
"refsource" : "SECTRACK" ,
"url" : "http://www.securitytracker.com/id/1041193"
} ,
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-19/" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-19/"
} ,
{
"name" : "RHSA-2018:2252" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:2252"
} ,
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-17/" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-17/"
} ,
{
"name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update" ,
"refsource" : "MLIST" ,
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
} ,
{
"name" : "RHSA-2018:2251" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:2251"
} ,
{
"name" : "USN-3705-1" ,
"refsource" : "UBUNTU" ,
"url" : "https://usn.ubuntu.com/3705-1/"
} ,
{
"name" : "USN-3714-1" ,
"refsource" : "UBUNTU" ,
"url" : "https://usn.ubuntu.com/3714-1/"
} ,
{
"name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update" ,
"refsource" : "MLIST" ,
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
]
}
}
