====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN651
_____________________________________________________________________

DATE                : 03/12/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Thunderbird versions prior to
                                      78.5.1.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2020-53
Security Vulnerabilities fixed in Thunderbird 78.5.1

Announced         December 1, 2020
Impact            high
Products          Thunderbird
Fixed in          Thunderbird 78.5.1

#CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server
response codes

Reporter          Chiaki Ishikawa
Impact            high


Description

When reading SMTP server status codes, Thunderbird writes an integer
value to a position on the stack that is intended to contain just one
byte. Depending on processor architecture and stack layout, this leads
to stack corruption that may be exploitable.


References

    Bug 1677338



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================