Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2020-53

Security Vulnerabilities fixed in Thunderbird 78.5.1

Announced
December 1, 2020
Impact
high
Products
Thunderbird
Fixed in
  • Thunderbird 78.5.1

#CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes

Reporter
Chiaki Ishikawa
Impact
high
Description

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable.

References