CVE-2020-26970
N/A
N/A
Summary
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Thunderbird | < 78.5.1 | affected |
Weaknesses
- Stack overflow due to incorrect parsing of SMTP server response codes
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1677338
- https://www.mozilla.org/security/advisories/mfsa2020-53/
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1677338
- https://www.mozilla.org/security/advisories/mfsa2020-53/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.