Home

CVE-2018-12368

Description

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the Mark of the Web. Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.952

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 60.7.3Windows
Multiple vulnerabilities affected in Mozilla Firefox ESR (x64) 60.0.2Windows
Multiple vulnerabilities affected in Mozilla Firefox ESR 60.0.2Windows
Multiple vulnerabilities affected in Mozilla Thunderbird 52.8.0Windows
Multiple vulnerabilities affected in Mozilla_Firefox 60.7.3Windows
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60.7.3Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.8.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 60.0.2Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.8.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60.0.2Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 52.8.0Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343016Mozilla Firefox (x64) (132.0.2)
PATCH-310844Mozilla Firefox ESR (x64) (60.9.0)
PATCH-310843Mozilla Firefox ESR (60.9.0)
PATCH-315938Mozilla Thunderbird (68.12.0)
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234