It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1725
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1726 https://access.redhat.com/errata/RHSA-2018:1726