Bug 1100079 - (CVE-2018-12373) VUL-0: CVE-2018-12373: MozillaThunderbird: S/MIME plaintext can be leaked through HTML reply/forward
(CVE-2018-12373)
VUL-0: CVE-2018-12373: MozillaThunderbird: S/MIME plaintext can be leaked thr...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/209446/
CVSSv3:SUSE:CVE-2018-12373:3.1:(AV:N/...
:
Depends on: 1100780
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-04 08:20 UTC by Johannes Segitz
Modified: 2019-02-19 07:08 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-07-04 08:20:37 UTC
CVE-2018-12373

Decrypted S/MIME parts hidden with CSS or <plaintext> can leak plaintext when included in a HTML reply/forward.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12373
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12373
Comment 1 Swamp Workflow Management 2018-07-04 09:20:29 UTC
This is an autogenerated message for OBS integration:
This bug (1100079) was mentioned in
https://build.opensuse.org/request/show/620589 15.0+42.3+Backports:SLE-12 / MozillaThunderbird
Comment 3 Swamp Workflow Management 2018-07-04 14:40:27 UTC
This is an autogenerated message for OBS integration:
This bug (1100079) was mentioned in
https://build.opensuse.org/request/show/620628 15.0+42.3+Backports:SLE-12 / MozillaThunderbird
Comment 5 Swamp Workflow Management 2018-07-04 22:50:25 UTC
This is an autogenerated message for OBS integration:
This bug (1100079) was mentioned in
https://build.opensuse.org/request/show/620659 15.0+42.3+Backports:SLE-12 / MozillaThunderbird
Comment 7 Swamp Workflow Management 2018-07-06 22:08:53 UTC
openSUSE-SU-2018:1905-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1076907,1085780,1091376,1098998,1100079,1100081,1100082
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12372,CVE-2018-12373,CVE-2018-12374,CVE-2018-5188
Sources used:
openSUSE Leap 42.3 (src):    MozillaThunderbird-52.9.0-68.1
openSUSE Leap 15.0 (src):    MozillaThunderbird-52.9.0-lp150.3.8.1
Comment 8 Swamp Workflow Management 2018-07-06 22:10:51 UTC
openSUSE-SU-2018:1907-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1076907,1085780,1091376,1098998,1100079,1100081,1100082
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12372,CVE-2018-12373,CVE-2018-12374,CVE-2018-5188
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    MozillaThunderbird-52.9.0-65.1
Comment 11 Swamp Workflow Management 2018-08-02 16:10:49 UTC
SUSE-SU-2018:2174-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1076907,1085780,1091376,1098998,1100079,1100081,1100082,1100780
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12372,CVE-2018-12373,CVE-2018-12374,CVE-2018-5188
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    MozillaThunderbird-52.9.1-3.7.1
Comment 12 Marcus Meissner 2018-09-07 11:59:20 UTC
released