CVE-2020-6793 — Use of Uninitialized Resource in Mozilla Thunderbird

CWE-908 — Use of Uninitialized Resource CWE-125 — Out-of-bounds Read11 documents8 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.8%

top 25.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Thunderbird Mozilla Firefox

Timeline

PublishedMar 2

Latest updateMay 24

Description

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/thunderbird< thunderbird 1:68.5.0-1 (bookworm)

▶CVEListV5mozilla/thunderbirdunspecified — 68.5

▶NVDmozilla/thunderbird< 68.5.0

▶Debianmozilla/thunderbird< 1:68.5.0-1+3

▶Ubuntumozilla/thunderbird< 1:68.7.0+build1-0ubuntu0.16.04.2+1

🔴Vulnerability Details

GHSA

GHSA-2g5q-49cr-4f7j: When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location↗2022-05-24

▶

OSV

thunderbird vulnerabilities↗2020-04-21

▶

OSV

thunderbird vulnerabilities↗2020-04-13

▶

OSV

CVE-2020-6793: When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location↗2020-03-02

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2020-04-21

▶

Ubuntu

Thunderbird vulnerabilities↗2020-04-13

▶

Red Hat

Mozilla: Out-of-bounds read when processing certain email messages↗2020-02-11

▶

Debian

CVE-2020-6793: thunderbird - When processing an email message with an ill-formed envelope, Thunderbird could ...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-07: CVE-2020-6793↗

▶

💬Community

Bugzilla

CVE-2020-6793 Mozilla: Out-of-bounds read when processing certain email messages↗2020-02-11

▶