CVE-2020-26970
Description
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.378
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2020-26970 is fixed in Mozilla Thunderbird (78.5.1) | Windows |
| CVE-2020-26970 is fixed in Mozilla Thunderbird (x64) (78.5.1) | Windows |
| CVE-2020-26970 is fixed in Mozilla Thunderbird For Mac (78.5.1) | Mac |
| Multiple vulnerabilities affect Mozilla Thunderbird for Mac 78.4.0 | Mac |
| thunderbird security update (DSA-4802-1) thunderbird_78.5.1-1~deb10u1_i386.deb | Linux |
| thunderbird security update (DSA-4802-1) thunderbird_78.5.1-1~deb10u1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-4701-1) thunderbird_78.6.1+build1-0ubuntu0.20.10.1_amd64.deb | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-317304 | Mozilla Thunderbird (78.5.1) |
| PATCH-317305 | Mozilla Thunderbird (x64) (78.5.1) |
| PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234