CVE-2018-12365

Source
Severity Medium
Remote No
Type Information disclosure
Description
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9 where a compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files.
Group Package Affected Fixed Severity Status Ticket
AVG-728 thunderbird 52.8.0-1 52.9.1-1 Critical Fixed
AVG-727 firefox 60.0.2-1 61.0-1 Critical Fixed
Date Advisory Group Package Severity Description
16 Jul 2018 ASA-201807-4 AVG-728 thunderbird Critical multiple issues
27 Jun 2018 ASA-201806-14 AVG-727 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12365
https://bugzilla.mozilla.org/show_bug.cgi?id=1459206