Home

CVE-2020-6793

Description

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.803

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Mozilla Thunderbird (x64) (68.5.0)Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (68.5.0)Windows
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (68.5.0)Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 68.4.1Mac
thunderbird security update(DSA-4625-1) thunderbird_68.5.0-1~deb9u1_i386.debLinux
thunderbird security update(DSA-4625-1) thunderbird_68.5.0-1~deb9u1_amd64.debLinux
thunderbird security update(DSA-4625-1) thunderbird_68.5.0-1~deb10u1_i386.debLinux
thunderbird security update(DSA-4625-1) thunderbird_68.5.0-1~deb10u1_amd64.debLinux
(RHSA-2020:0574) thunderbird security update thunderbird-68.5.0-1.el6_10.i686.rpmLinux
(RHSA-2020:0574) thunderbird security update thunderbird-68.5.0-1.el6_10.x86_64.rpmLinux
(RHSA-2020:0576) thunderbird security update thunderbird-68.5.0-1.el7_7.x86_64.rpmLinux
Mozilla Open Source mail and newsgroup client (USN-4328-1) thunderbird_68.7.0+build1-0ubuntu0.18.04.1_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-4328-1) thunderbird_68.7.0+build1-0ubuntu0.18.04.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4328-1) thunderbird_68.7.0+build1-0ubuntu0.19.10.1_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-4328-1) thunderbird_68.7.0+build1-0ubuntu0.19.10.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4335-1) thunderbird_68.7.0+build1-0ubuntu0.16.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-4335-1) thunderbird_68.7.0+build1-0ubuntu0.16.04.2_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-312894Mozilla Thunderbird (x64) (68.5.0)
PATCH-312889Mozilla Thunderbird (68.5.0)
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-611807Mozilla Thunderbird For Mac (142.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234