Mozilla Foundation Security Advisory 2021-02
Security Vulnerabilities fixed in Thunderbird 78.6.1
- January 11, 2021
- Fixed in
- Thunderbird 78.6.1
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
- Ned Williamson
A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.