CVE-2020-6795NULL Pointer Dereference in Mozilla Thunderbird

CWE-476NULL Pointer Dereference11 documents8 sources
Severity
6.5MEDIUMNVD
OSV8.8
EPSS
0.7%
top 28.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla ThunderbirdDebian ThunderbirdMozilla Firefox
Timeline
PublishedMar 2
Latest updateMay 24

Description

When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

debiandebian/thunderbird< thunderbird 1:68.5.0-1 (bookworm)
CVEListV5mozilla/thunderbirdunspecified68.5
NVDmozilla/thunderbird< 68.5.0
Debianmozilla/thunderbird< 1:68.5.0-1+3
Ubuntumozilla/thunderbird< 1:68.7.0+build1-0ubuntu0.16.04.2+1

🔴Vulnerability Details

4
GHSA
GHSA-4whv-ch98-q6fp: When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an2022-05-24
OSV
thunderbird vulnerabilities2020-04-21
OSV
thunderbird vulnerabilities2020-04-13
OSV
CVE-2020-6795: When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an2020-03-02

📋Vendor Advisories

5
Ubuntu
Thunderbird vulnerabilities2020-04-21
Ubuntu
Thunderbird vulnerabilities2020-04-13
Red Hat
Mozilla: Crash processing S/MIME messages with multiple signatures2020-02-11
Debian
CVE-2020-6795: thunderbird - When processing a message that contains multiple S/MIME signatures, a bug in the...2020
Mozilla
Mozilla Foundation Security Advisory 2020-07: CVE-2020-6795

💬Community

1
Bugzilla
CVE-2020-6795 Mozilla: Crash processing S/MIME messages with multiple signatures2020-02-11