Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-12368

EPSS 1.85% · P83
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-12368

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mozilla Firefox和Firefox ESR 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。 基于Windows平台的Mozilla Firefox 61之前版本、Firefox ESR 52.9之前版本和60.1之前版本中存在安全漏洞,该漏洞源于用户在打开带有SettingContent-ms扩展的可执行文件时,程序并没有提醒用户。远程攻击者可利用该漏洞执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
MozillaThunderbird unspecified ~ 60 -
MozillaFirefox ESR unspecified ~ 60.1 -
MozillaFirefox unspecified ~ 61 -

II. Public POCs for CVE-2018-12368

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-12368

登录查看更多情报信息。

Same Patch Batch · Mozilla · 2018-10-18 · 32 CVEs total

CVE-2018-12374Mozilla Thunderbird 信息泄露漏洞
CVE-2018-5188Mozilla Firefox和Firefox ESR 安全漏洞
CVE-2018-5187Mozilla Firefox和Firefox ESR 安全漏洞
CVE-2018-5186Mozilla Firefox 安全漏洞
CVE-2018-5156Mozilla Firefox和Firefox ESR 安全漏洞
CVE-2018-12387Mozilla Firefox和Firefox ESR 缓冲区错误漏洞
CVE-2018-12386Mozilla Firefox和Firefox ESR 安全漏洞
CVE-2018-12385Mozilla Firefox和Firefox ESR 安全漏洞
CVE-2018-12383Mozilla Firefox 安全漏洞
CVE-2018-12382Mozilla Firefox for Android 安全漏洞
CVE-2018-12381Mozilla Firefox和Firefox ESR 安全漏洞
CVE-2018-12379Mozilla Firefox和Firefox ESR 缓冲区错误漏洞
CVE-2018-12378Mozilla Firefox、Firefox ESR和Thunderbird 资源管理错误漏洞
CVE-2018-12377Mozilla Firefox、Firefox ESR和Thunderbird 资源管理错误漏洞
CVE-2018-12376Mozilla Firefox和Firefox ESR 安全漏洞
CVE-2018-12375Mozilla Firefox 安全漏洞
CVE-2016-9069Mozilla Firefox 释放后重用漏洞
CVE-2018-12373Mozilla Thunderbird 信息泄露漏洞
CVE-2018-12372Mozilla Thunderbird 信息泄露漏洞
CVE-2018-12370Mozilla Firefox 安全漏洞

Showing top 20 of 32 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Thunderbird
Same vendor: Mozilla

V. Comments for CVE-2018-12368

No comments yet

Leave a comment