Mozilla Foundation Security Advisory 2020-53
Security Vulnerabilities fixed in Thunderbird 78.5.1
- December 1, 2020
- Fixed in
- Thunderbird 78.5.1
#CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes
- Chiaki Ishikawa
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable.