Arbitrary Attachment Name Spoofing Vulnerability in Thunderbird ESR < 52.8 and Thunderbird < 52.8

Arbitrary Attachment Name Spoofing Vulnerability in Thunderbird ESR < 52.8 and Thunderbird < 52.8

CVE-2018-5170 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

Learn more about our User Device Pen Test.