Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2018-12368
HistoryOct 18, 2018 - 12:00 a.m.

CVE-2018-12368

2018-10-1800:00:00
ubuntu.com
ubuntu.com
5

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.33 Low

EPSS

Percentile

97.0%

JSON

Windows 10 does not warn users before opening executable files with the
SettingContent-ms extension even when they have been downloaded from the
internet and have the “Mark of the Web.” Without the warning, unsuspecting
users unfamiliar with this new file type might run an unwanted executable.
This also allows a WebExtension with the limited downloads.open permission
to execute arbitrary code without user interaction on Windows 10 systems.
Note: this issue only affects Windows operating systems. Other operating
systems are unaffected.. This vulnerability affects Thunderbird < 60,
Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox <
61.

Notes

Author Note
tyhicks mozjs contains a copy of the SpiderMonkey JavaScript engine

Related

checkpoint_advisories 1
redhatcve 1
debiancve 1
prion 1
cve 1
nessus 16
openvas 12
mozilla 5
altlinux 3
kaspersky 3
freebsd 1
mageia 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox WebExtensions SettingContent-ms Policy Bypass (CVE-2018-12368)
2018-11-29 00:00:00
redhatcve
redhatcve
CVE-2018-12368
2018-06-27 01:19:22
debiancve
debiancve
CVE-2018-12368
2018-10-18 13:29:00
prion
prion
Code injection
2018-10-18 13:29:00
cve
cve
CVE-2018-12368
2018-10-18 13:29:00
nessus
nessus
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:2322-2)
2018-10-22 00:00:00
Mozilla Firefox ESR < 52.9 Multiple Vulnerabilities (macOS)
2018-06-29 00:00:00
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:2325-1)
2018-08-15 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2322-2)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2322-1)
2021-04-19 00:00:00
Mozilla Firefox ESR Security Advisories (MFSA2018-15, MFSA2018-17) - 01 - Windows
2018-06-27 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 52.9 — Mozilla
2018-06-26 00:00:00
Security vulnerabilities fixed in Thunderbird 52.9 — Mozilla
2018-07-03 00:00:00
Security vulnerabilities fixed in Thunderbird 60 — Mozilla
2018-08-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version July
2018-07-04 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 60.0-alt1
2018-08-13 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 60.1.0-alt1
2018-06-26 00:00:00
kaspersky
kaspersky
KLA11278 Multiple vulnerabilities in Mozilla Thunderbird
2018-07-03 00:00:00
KLA11299 Multiple vulnerabilities in Mozilla Thunderbird
2018-08-06 00:00:00
KLA11271 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2018-06-26 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2018-06-26 00:00:00
mageia
mageia
Updated thunderbird packages fix security issues & bugs
2018-12-16 00:29:48
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2018-10-02 00:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.33 Low

EPSS

Percentile

97.0%

JSON
Related for UB:CVE-2018-12368
checkpoint_advisories1redhatcve1debiancve1prion1cve1nessus16openvas12mozilla5altlinux3kaspersky3freebsd1mageia1gentoo1