Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2018-5174

Published: 11/06/2018 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Thunderbird Esr

Vulnerability Summary

In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla thunderbird_esr

mozilla firefox_esr

mozilla thunderbird

mozilla firefox

Vendor Advisories

Red Hat: CVE-2018-5174
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed t ...
Mozilla: Security vulnerabilities fixed in Thunderbird 52.8
Mozilla Foundation Security Advisory 2018-13 Security vulnerabilities fixed in Thunderbird 528 Announced May 18, 2018 Impact critical Products Thunderbird Fixed in Thunderbird 528 ...
Mozilla: Security vulnerabilities fixed in Firefox 60
Mozilla Foundation Security Advisory 2018-11 Security vulnerabilities fixed in Firefox 60 Announced May 9, 2018 Impact critical Products Firefox Fixed in Firefox 60 ...
Mozilla: Security vulnerabilities fixed in Firefox ESR 52.8
Mozilla Foundation Security Advisory 2018-12 Security vulnerabilities fixed in Firefox ESR 528 Announced May 9, 2018 Impact critical Products Firefox ESR Fixed in Firefox ESR 528 ...

References

NVD-CWE-noinfohttps://www.mozilla.org/security/advisories/mfsa2018-13/https://www.mozilla.org/security/advisories/mfsa2018-12/https://www.mozilla.org/security/advisories/mfsa2018-11/https://bugzilla.mozilla.org/show_bug.cgi?id=1447080http://www.securitytracker.com/id/1040896http://www.securityfocus.com/bid/104136https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2018-5174
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook