A flaw was found in Mozilla Thunderbird before version 52.9. Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. References: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
Created thunderbird tracking bugs for this issue: Affects: fedora-all [bug 1598539]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2252 https://access.redhat.com/errata/RHSA-2018:2252
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2251