A flaw was found in Mozilla Thunderbird before version 52.9. Decrypted S/MIME parts hidden with CSS or <plaintext> can leak plaintext when included in a HTML reply/forward. References: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12373 https://bugzilla.mozilla.org/show_bug.cgi?id=1464667
Created thunderbird tracking bugs for this issue: Affects: fedora-all [bug 1598530]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2252 https://access.redhat.com/errata/RHSA-2018:2252
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2251