Mozilla Foundation Security Advisory 2020-53

Security Vulnerabilities fixed in Thunderbird 78.5.1

Announced: December 1, 2020
Impact: high
Products: Thunderbird
Fixed in: Thunderbird 78.5.1

CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes

Reporter: Chiaki Ishikawa
Impact: high

Description

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable.
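The width mismatch described above, modelled as an added C example (not Thunderbird's code; `struct frame`, `bytes_clobbered` and `parse_smtp_reply` are hypothetical names, and the reply line is constructed). The first function performs an `int`-sized store at a one-byte slot inside a stand-in frame and counts the neighbouring bytes it overwrites; the second parses a reply line through destinations whose types match what is stored.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model of a stack frame: a one-byte slot, then other locals. */
struct frame {
    unsigned char slot;          /* intended destination: one byte */
    unsigned char neighbour[7];  /* stand-in for adjacent stack data */
};

/* Int-wide store at the one-byte slot; returns how many neighbouring bytes
 * changed. The copy stays inside the struct, so the model is well defined. */
size_t bytes_clobbered(int value)
{
    struct frame f;
    size_t i, n = 0;
    memset(&f, 0xAA, sizeof f);
    memcpy(&f, &value, sizeof value);    /* sizeof(int) bytes, not 1 */
    for (i = 0; i < sizeof f.neighbour; i++)
        n += (f.neighbour[i] != 0xAA);
    return n;
}

/* Parses "ddd" then ' ' (last line), '-' (continuation) or end of line, with
 * correctly typed destinations. Returns 0 on success, -1 if malformed. */
int parse_smtp_reply(const char *line, int *code, char *sep)
{
    int i, value = 0;
    if (!line || !code || !sep) return -1;
    for (i = 0; i < 3; i++) {
        if (line[i] < '0' || line[i] > '9')
            return -1;                   /* also stops at an early NUL */
        value = value * 10 + (line[i] - '0');
    }
    if (line[3] == ' ' || line[3] == '-')
        *sep = line[3];
    else if (line[3] == '\0' || line[3] == '\r' || line[3] == '\n')
        *sep = ' ';
    else
        return -1;                       /* e.g. a fourth digit */
    *code = value;
    return 0;
}

int main(void)
{
    int code = 0; char sep = '?';
    int rc = parse_smtp_reply("250-mail.example.test", &code, &sep);
    printf("clobbered=%zu rc=%d code=%d sep=%c\n", bytes_clobbered(250), rc, code, sep);
    return 0;
}
```

Which byte of the integer lands in the one-byte slot depends on endianness, and what sits next to that slot depends on the compiler's frame layout.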
