CVE-2018-18513
Gentoo Linux Security Advisory 201904-07
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5.
Puede producirse un bloqueo al procesar un mensaje S/MIME elaborado o un paquete XPI que contenga una firma elaborada. Esto puede utilizarse como un ataque de Denegación de Servicio (DOS) porque Thunderbird vuelve a abrir el último mensaje visto en el reinicio, desencadenando el bloqueo de nuevo. Esta vulnerabilidad afecta a las versiones anteriores a 60.5 de Thunderbird.
Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. Versions less than 60.6.1 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-19 CVE Reserved
- 2019-04-02 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1533300 | 2020-08-24 | |
| https://www.mozilla.org/security/advisories/mfsa2019-03 | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 60.5.0 Search vendor "Mozilla" for product "Thunderbird" and version " < 60.5.0" | - |
Affected
| ||||||