Unrated severityNVD Advisory· Published Dec 9, 2020· Updated Aug 4, 2024
CVE-2020-26970
CVE-2020-26970
Description
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5<78.5.1+ 1 more
- (no CPE)range: <78.5.1
- (no CPE)range: < 78.5.1
- osv-coords3 versionspkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2
< 91.1.1-1.1+ 2 more
- (no CPE)range: < 91.1.1-1.1
- (no CPE)range: < 78.5.1-3.110.2
- (no CPE)range: < 78.6.0-8.3.1
Patches
Vulnerability mechanics
References
2- bugzilla.mozilla.org/show_bug.cgimitrex_refsource_MISC
- www.mozilla.org/security/advisories/mfsa2020-53/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.