CVE-2020-12397

Summary

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 68.8.0affected

Weaknesses

  • Sender Email Address Spoofing using encoded Unicode characters

ADP Enrichment

CVE Program Container

Additional References

References