{"containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "< 78.5.1"}]}], "descriptions": [{"lang": "en", "value": "When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1."}], "problemTypes": [{"descriptions": [{"description": "Stack overflow due to incorrect parsing of SMTP server response codes", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-09T00:26:43", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677338"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-53/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-26970", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thunderbird", "version": {"version_data": [{"version_value": "< 78.5.1"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Stack overflow due to incorrect parsing of SMTP server response codes"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677338", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677338"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-53/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2020-53/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:03:23.173Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677338"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-53/"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-26970", "datePublished": "2020-12-09T00:26:43", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.173Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "4850048E-DAB6-4743-9849-F07503D629BA", "versionEndExcluding": "78.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1."}, {"lang": "es", "value": "Cuando se leen los c\u00f3digos de estado del servidor SMTP, Thunderbird escribe un valor entero hacia una posici\u00f3n en la pila que debe contener solo un byte.&#xa0;Dependiendo de la arquitectura del procesador y el dise\u00f1o de la pila, esto conlleva a una corrupci\u00f3n de la pila que puede ser explotable.&#xa0;Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.5.1"}], "id": "CVE-2020-26970", "lastModified": "2024-11-21T05:20:36.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-09T01:15:13.817", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677338"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-53/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-53/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chiaki Ishikawa as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:5400", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:78.5.1-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-12-14T00:00:00Z"}, {"advisory": "RHSA-2020:5398", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:78.5.1-1.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-14T00:00:00Z"}, {"advisory": "RHSA-2020:5645", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "thunderbird-0:78.6.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-21T00:00:00Z"}, {"advisory": "RHSA-2020:5644", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "thunderbird-0:78.6.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-12-21T00:00:00Z"}, {"advisory": "RHSA-2020:5399", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:78.5.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2020-12-14T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes", "id": "1903443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903443"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-121", "details": ["When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1."], "name": "CVE-2020-26970", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2020-12-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-26970\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26970\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970"], "threat_severity": "Important"}