CVE-2020-26970 — Out-of-bounds Write in Mozilla Thunderbird

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow7 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 40.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Thunderbird Mozilla Firefox

Timeline

PublishedDec 9

Latest updateMay 24

Description

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/thunderbird< thunderbird 1:78.5.1-1 (bookworm)

▶NVDmozilla/thunderbird< 78.5.1

▶Debianmozilla/thunderbird< 1:78.5.1-1+3

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-w8wp-h42w-f3m4: When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte↗2022-05-24

▶

OSV

CVE-2020-26970: When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte↗2020-12-09

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2021-01-20

▶

Red Hat

Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes↗2020-12-01

▶

Debian

CVE-2020-26970: thunderbird - When reading SMTP server status codes, Thunderbird writes an integer value to a ...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-53: CVE-2020-26970↗

▶