** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-18493 from the MITRE CVE dictionary dictionary and NIST NVD.
In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
| CVSS3 Base Score | 7.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (thunderbird) | RHSA-2019:0159 | 2019-01-24 |
| Red Hat Enterprise Linux 7 (thunderbird) | RHSA-2019:0160 | 2019-01-24 |
| Red Hat Enterprise Linux 6 (firefox) | RHSA-2018:3831 | 2018-12-17 |
| Red Hat Enterprise Linux 7 (firefox) | RHSA-2018:3833 | 2018-12-17 |
Vulmon