CVE-2020-15685 — Command Injection in Mozilla Thunderbird

CWE-77 — Command Injection CWE-924 — Improper Enforcement of Message Integrity During Transmission in a Communication Channel7 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 29.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Thunderbird Mozilla Firefox

Timeline

PublishedDec 22

Description

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/thunderbird< thunderbird 1:78.7.0-1 (bookworm)

▶CVEListV5mozilla/thunderbirdunspecified — 78.7

▶NVDmozilla/thunderbird< 78.7.0

▶Debianmozilla/thunderbird< 1:78.7.0-1+3

▶mozillamozilla/firefox

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-c839-4fpv-9xp7: During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session↗2022-12-22

▶

OSV

CVE-2020-15685: During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session↗2022-12-22

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2021-02-16

▶

Red Hat

Mozilla: IMAP Response Injection when using STARTTLS↗2021-01-26

▶

Debian

CVE-2020-15685: thunderbird - During the plaintext phase of the STARTTLS connection setup, protocol commands c...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2021-05: CVE-2020-15685↗

▶