製品・ソフトウェアに関する情報

JVN脆弱性詳細

Thunderbird および Firefox におけるセキュリティ機能に関する脆弱性

Title	Thunderbird および Firefox におけるセキュリティ機能に関する脆弱性
Summary	Thunderbird および Firefox には、セキュリティ機能に関する脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 9, 2018, midnight
Registration Date	Aug. 21, 2018, 3:31 p.m.
Last Update	Aug. 21, 2018, 3:31 p.m.

Affected System

Mozilla Foundation

Mozilla Firefox 60 未満

Mozilla Firefox ESR 52.8 未満

Mozilla Thunderbird 52.8 未満

Mozilla Thunderbird ESR 52.8 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-5174	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5174
National Vulnerability Database (NVD)
2	CVE-2018-5174	https://nvd.nist.gov/vuln/detail/CVE-2018-5174

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-254	https://cwe.mitre.org/data/definitions/254.html

ベンダー情報

No	Name	URL
Mozilla Foundation Security Advisory
1	MFSA2018-11	https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/
2	MFSA2018-12	https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/
3	MFSA2018-13	https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/

Change Log

No	Changed Details	Date of change
1	[2018年08月21日] 掲載	Aug. 21, 2018, 3:31 p.m.

NVD Vulnerability Information

CVE-2018-5174

Summary	In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Publication Date	June 12, 2018, 6:29 a.m.
Registration Date	March 1, 2021, 7:30 p.m.
Last Update	Nov. 21, 2024, 1:08 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox::::::::					60.0
cpe:2.3:a:mozilla:firefox_esr::::::::					52.8.0
cpe:2.3:a:mozilla:thunderbird::::::::					52.8.0
cpe:2.3:a:mozilla:thunderbird_esr::::::::					52.8.0
execution environment
1	cpe:2.3:o:microsoft:windows_10:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/104136	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/104136	Third Party Advisory VDB Entry
3	http://www.securitytracker.com/id/1040896	Third Party Advisory VDB Entry
4	http://www.securitytracker.com/id/1040896	Third Party Advisory VDB Entry
5	https://bugzilla.mozilla.org/show_bug.cgi?id=1447080	Issue Tracking Permissions Required Third Party Advisory
6	https://bugzilla.mozilla.org/show_bug.cgi?id=1447080	Issue Tracking Permissions Required Third Party Advisory
7	https://www.mozilla.org/security/advisories/mfsa2018-11/	Vendor Advisory
8	https://www.mozilla.org/security/advisories/mfsa2018-11/	Vendor Advisory
9	https://www.mozilla.org/security/advisories/mfsa2018-12/	Vendor Advisory
10	https://www.mozilla.org/security/advisories/mfsa2018-12/	Vendor Advisory
11	https://www.mozilla.org/security/advisories/mfsa2018-13/	Vendor Advisory
12	https://www.mozilla.org/security/advisories/mfsa2018-13/	Vendor Advisory

Common Vulnerabilities List