Vulnerability CVE-2020-26970: Information

Description

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-26970
Published: Dec. 9, 2020
Modified: Dec. 10, 2020
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
thunderbirdsisyphus78.5.1-alt1115.9.0-alt1ALT-PU-2020-3443-1262794Fixed
thunderbirdp1078.5.1-alt1115.9.0-alt1ALT-PU-2020-3443-1262794Fixed
thunderbirdp978.7.0-alt0.1.p9102.11.0-alt0.c9.1ALT-PU-2021-1200-1265306Fixed
thunderbirdc10f178.5.1-alt1115.9.0-alt0.c10.1ALT-PU-2020-3443-1262794Fixed
thunderbirdc9f278.7.0-alt0.1.c9102.11.0-alt0.c9.1ALT-PU-2021-1369-1264611Fixed
thunderbirdp1178.5.1-alt1115.9.0-alt1ALT-PU-2020-3443-1262794Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1677338
  • Issue Tracking
  • Permissions Required
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-53/
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      78.5.1
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top