CVE-2020-12397 — Origin Validation Error in Mozilla Thunderbird
Severity
4.3 MEDIUM (NVD)
OSV: 8.1
EPSS
0.2%
top 58.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 22
Latest update: May 24
Description
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4
Affected Packages: 4 packages
Also affects: Ubuntu Linux 16.04, 18.04, 19.10, 20.04
Patches
Vulnerability Details (4)
GHSA
GHSA-mg46-fgw7-xxfg: By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays (2022-05-24)
CVEList
CVE-2020-12397: By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays (2020-05-22)
OSV
CVE-2020-12397: By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays (2020-05-22)
Vendor Advisories (4)
Debian
CVE-2020-12397: thunderbird - By encoding Unicode whitespace characters within the From email header, an attac... (2020)
Community (1)
Bugzilla