{"id":"CVE-2018-12365","details":"A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.","modified":"2026-03-15T22:18:23.841098Z","published":"2018-10-18T13:29:02.400Z","related":["MGASA-2018-0305","MGASA-2018-0316","MGASA-2018-0321","MGASA-2018-0480","SUSE-SU-2018:2174-1","SUSE-SU-2018:2298-1","SUSE-SU-2018:2322-1","SUSE-SU-2018:2322-2","SUSE-SU-2018:2325-1","SUSE-SU-2018:3247-1","openSUSE-SU-2018:2807-1","openSUSE-SU-2018:3687-1","openSUSE-SU-2024:10590-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:10601-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2112"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2113"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2251"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201811-13"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104560"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041193"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201810-01"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3705-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4235"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4244"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2018-17/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2018-18/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2252"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3714-1/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2018-15/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2018-16/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2018-19/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1459206"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12365.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"fixed":"61.0"}]},{"events":[{"introduced":"53.0"},{"fixed":"60.1.0"}]},{"events":[{"introduced":"0"},{"fixed":"52.9"}]},{"events":[{"introduced":"0"},{"fixed":"52.9"}]},{"events":[{"introduced":"52.9.1"},{"fixed":"60.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}