CVE-2018-5170

Source
Severity Medium
Remote Yes
Type Content spoofing
Description
It is possible in Thunderbird before 52.8 to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected.
Group Package Affected Fixed Severity Status Ticket
AVG-707 thunderbird 52.7.0-2 52.8.0-1 Critical Fixed
Date Advisory Group Package Severity Description
21 May 2018 ASA-201805-21 AVG-707 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
https://bugzilla.mozilla.org/show_bug.cgi?id=1411732