CVE-2018-5174

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 60 Firefox ESR versions prior to 52.8 Thunderbird versions prior to 52.8 Thunderbird ESR versions prior to 52.8 Windows 10 versions April 2018 Update and later

Description The issue is related to the incorrect setting of the SEE MASK FLAG NO UI flag by Firefox when downloading files, leading to less secure behavior from Windows Defender SmartScreen. This allows unknown and potentially dangerous files to run without prompting the user for a decision. The vulnerability is also associated with errors in processing permissions in the baseURI component of Firefox ESR, Firefox, and Thunderbird, which can be exploited by a remote attacker to compromise the integrity of protected information.

Recommendations For Firefox versions prior to 60, update to version 60 or later. For Firefox ESR versions prior to 52.8, update to version 52.8 or later. For Thunderbird versions prior to 52.8, update to version 52.8 or later. For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. For Windows 10 users running the April 2018 update or later, ensure that Windows Defender SmartScreen is configured to prompt the user for a decision when downloading unknown files.