CVE-2020-6792 — Use of Uninitialized Resource in Mozilla Thunderbird

CWE-908 — Use of Uninitialized Resource CWE-909 — Missing Initialization of Resource CWE-456 — Missing Initialization of a Variable11 documents8 sources

Severity

4.3MEDIUMNVD

OSV8.8OSV6.5

EPSS

1.0%

top 23.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Thunderbird Canonical Ubuntu Linux +1 more

Timeline

PublishedMar 2

Latest updateMay 24

Description

When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

▶debiandebian/thunderbird< thunderbird 1:68.5.0-1 (bookworm)

▶CVEListV5mozilla/thunderbirdunspecified — 68.5

▶NVDmozilla/thunderbird< 68.5.0

▶Debianmozilla/thunderbird< 1:68.5.0-1+3

▶Ubuntumozilla/thunderbird< 1:68.7.0+build1-0ubuntu0.16.04.2+1

Also affects: Ubuntu Linux 16.04, 18.04, 19.10

🔴Vulnerability Details

GHSA

GHSA-c3mf-x864-vg86: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents↗2022-05-24

▶

OSV

thunderbird vulnerabilities↗2020-04-21

▶

OSV

thunderbird vulnerabilities↗2020-04-13

▶

OSV

CVE-2020-6792: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents↗2020-03-02

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2020-04-21

▶

Ubuntu

Thunderbird vulnerabilities↗2020-04-13

▶

Red Hat

Mozilla: Message ID calculation was based on uninitialized data↗2020-02-11

▶

Debian

CVE-2020-6792: thunderbird - When deriving an identifier for an email message, uninitialized memory was used ...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-07: CVE-2020-6792↗

▶

💬Community

Bugzilla

CVE-2020-6792 Mozilla: Message ID calculation was based on uninitialized data↗2020-02-11

▶