CVE-2020-26970

Summary

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbird< 78.5.1affected

Weaknesses

  • Stack overflow due to incorrect parsing of SMTP server response codes

ADP Enrichment

CVE Program Container

Additional References

References