Bug 1100081 - (CVE-2018-12374) VUL-0: CVE-2018-12374: MozillaThunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field
(CVE-2018-12374)
VUL-0: CVE-2018-12374: MozillaThunderbird: Using form to exfiltrate encrypted...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/209447/
CVSSv3:SUSE:CVE-2018-12374:3.1:(AV:N/...
:
Depends on: 1100780
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-04 08:24 UTC by Johannes Segitz
Modified: 2019-02-19 07:08 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-07-04 08:24:07 UTC
CVE-2018-12374

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12374
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12374
Comment 1 Swamp Workflow Management 2018-07-04 09:20:32 UTC
This is an autogenerated message for OBS integration:
This bug (1100081) was mentioned in
https://build.opensuse.org/request/show/620589 15.0+42.3+Backports:SLE-12 / MozillaThunderbird
Comment 3 Swamp Workflow Management 2018-07-04 14:40:31 UTC
This is an autogenerated message for OBS integration:
This bug (1100081) was mentioned in
https://build.opensuse.org/request/show/620628 15.0+42.3+Backports:SLE-12 / MozillaThunderbird
Comment 5 Swamp Workflow Management 2018-07-04 22:50:29 UTC
This is an autogenerated message for OBS integration:
This bug (1100081) was mentioned in
https://build.opensuse.org/request/show/620659 15.0+42.3+Backports:SLE-12 / MozillaThunderbird
Comment 7 Swamp Workflow Management 2018-07-06 22:09:03 UTC
openSUSE-SU-2018:1905-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1076907,1085780,1091376,1098998,1100079,1100081,1100082
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12372,CVE-2018-12373,CVE-2018-12374,CVE-2018-5188
Sources used:
openSUSE Leap 42.3 (src):    MozillaThunderbird-52.9.0-68.1
openSUSE Leap 15.0 (src):    MozillaThunderbird-52.9.0-lp150.3.8.1
Comment 8 Swamp Workflow Management 2018-07-06 22:11:01 UTC
openSUSE-SU-2018:1907-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1076907,1085780,1091376,1098998,1100079,1100081,1100082
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12372,CVE-2018-12373,CVE-2018-12374,CVE-2018-5188
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    MozillaThunderbird-52.9.0-65.1
Comment 11 Swamp Workflow Management 2018-08-02 16:10:56 UTC
SUSE-SU-2018:2174-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1076907,1085780,1091376,1098998,1100079,1100081,1100082,1100780
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12372,CVE-2018-12373,CVE-2018-12374,CVE-2018-5188
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    MozillaThunderbird-52.9.1-3.7.1
Comment 12 Marcus Meissner 2018-09-07 11:58:40 UTC
released