VDB
CVE-2020-26970
CVE-2020-26970
PUBLISHED
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
EPSS 0.38% · 59.6th percentile
Risk Scores
EPSS Score
0.38%
59.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | thunderbird | *, 1:52.9.1+build3-0ubuntu0.18.04.1, 1:60.2.1+build1-0ubuntu0.18.04.2 |
| Ubuntu:20.04:LTS | thunderbird | 1:68.1.2+build1-0ubuntu1, 1:68.1.2+build1-0ubuntu2, 1:68.2.1+build1-0ubuntu1 |
Timeline
- Dec 9, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-26970 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970 third-party-advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1677338 third-party-advisory
- https://ubuntu.com/security/notices/USN-4701-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-26970 third-party-advisory