PT-2018-3037 · Mozilla+3 · Firefox ESR+5

Abdulrahman Alqabandi · Published 2018-06-26 · Updated 2024-10-21 · CVE-2018-12368

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 61
Firefox ESR versions prior to 60.1
Firefox ESR versions prior to 52.9
Thunderbird versions prior to 60
Thunderbird versions prior to 52.9

Description

The issue is related to security setting errors in Firefox, Firefox ESR, and the Thunderbird email client. It may allow a remote attacker to execute arbitrary code by running a malicious executable file. On Windows 10 systems, users are not warned before opening executable files with the SettingContent-ms extension, even if the files have been downloaded from the internet. The vulnerability can also allow a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems.

Recommendations

For Firefox versions prior to 61, update to version 61 or later.
For Firefox ESR versions prior to 60.1, update to version 60.1 or later.
For Firefox ESR versions prior to 52.9, update to version 52.9 or later.
For Thunderbird versions prior to 60, update to version 60 or later.
For Thunderbird versions prior to 52.9, update to version 52.9 or later.

Related Identifiers

ALT-PU-2018-1952
ALT-PU-2018-1978
ALT-PU-2018-1985
ALT-PU-2018-2669
BDU:2019-03470
CVE-2018-12368
MGASA-2018-0480
SUSE-SU-2018:2298-1
SUSE-SU-2018:2322-1
SUSE-SU-2018:2322-2
SUSE-SU-2018:2325-1

Affected Products

Alt Linux
Firefox
Firefox ESR
SUSE
Thunderbird
Windows 10