vulnerability

MFSA2018-13 Thunderbird: Security vulnerabilities fixed in Thunderbird 52.8 (CVE-2018-5168)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

May 18, 2018

Added

May 22, 2018

Modified

Mar 27, 2026

Description

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Solution

mozilla-thunderbird-upgrade-52_8

References

CVE-2018-5168
https://attackerkb.com/topics/CVE-2018-5168
EUVD-EUVD-2018-16953
http://www.mozilla.org/security/announce/2018/mfsa2018-13.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-16953

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report