| Revision Date: | 2018-10-18 | Version: | 1 | | Title: | CVE-2018-12368 on Ubuntu 18.04 LTS (bionic) - medium. | | Description: | Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2018-12368
| | Platform(s): | Ubuntu 18.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 18.04 LTS (bionic) is installed. AND Package Information
NOT firefox package in bionic, while related to the CVE in some way, is not affected.
OR NOT firefox-globalmenu package in bionic, while related to the CVE in some way, is not affected.
OR NOT firefox-mozsymbols package in bionic, while related to the CVE in some way, is not affected.
OR NOT firefox-testsuite package in bionic, while related to the CVE in some way, is not affected.
OR NOT libmozjs-38-0 package in bionic, while related to the CVE in some way, is not affected.
OR NOT libmozjs-52-0 package in bionic, while related to the CVE in some way, is not affected.
OR NOT thunderbird package in bionic, while related to the CVE in some way, is not affected.
OR NOT thunderbird-globalmenu package in bionic, while related to the CVE in some way, is not affected.
OR NOT thunderbird-gnome-support package in bionic, while related to the CVE in some way, is not affected.
OR NOT thunderbird-mozsymbols package in bionic, while related to the CVE in some way, is not affected.
OR NOT xul-ext-calendar-timezones package in bionic, while related to the CVE in some way, is not affected.
OR NOT xul-ext-gdata-provider package in bionic, while related to the CVE in some way, is not affected.
OR NOT xul-ext-lightning package in bionic, while related to the CVE in some way, is not affected.
|
|