DEBIAN-CVE-2018-12365

DEBIAN-CVE-2018-12365 PUBLISHED CVSS 6.5 MEDIUM

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Risk Scores

CVSS 3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:14	firefox-esr	0, 0, 0
Debian:11	firefox-esr	0, 0, 0
Debian:14	thunderbird	0, 0, 0
Debian:12	thunderbird	0, 0, 0
Debian:11	thunderbird	0, 0, 0
Debian:12	firefox-esr	0, 0, 0
Debian:13	thunderbird	0, 0, 0
Debian:13	firefox-esr	0, 0, 0

Timeline

Oct 18, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-12365 advisory

Open in Interactive Console →