Vulnerability Description
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Thunderbird | < 78.5.1 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1677338Issue TrackingPermissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2020-53/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1677338Issue TrackingPermissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2020-53/Vendor Advisory
FAQ
What is CVE-2020-26970?
CVE-2020-26970 is a vulnerability with a CVSS score of 8.8 (HIGH). When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, t...
How severe is CVE-2020-26970?
CVE-2020-26970 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26970?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Thunderbird.