A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2018-10-18 06:29
Updated : 2018-12-03 12:09
NVD link : CVE-2018-12365
Mitre link : CVE-2018-12365
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_workstation
- enterprise_linux_server_tus
- enterprise_linux_server_eus
- enterprise_linux_server
mozilla
- firefox_esr
- thunderbird
- firefox
canonical
- ubuntu_linux
debian
- debian_linux