
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN008
_____________________________________________________________________

DATE                : 12/01/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Thunderbird versions prior to
                      78.6.1.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2021-02

Security Vulnerabilities fixed in Thunderbird 78.6.1


Announced         January 11, 2021
Impact            critical
Products          Thunderbird
Fixed in          Thunderbird 78.6.1

In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail, but
they are potential risks in browser or browser-like contexts.


CVE-2020-16044: Use-after-free write when handling a malicious
COOKIE-ECHO SCTP chunk

Reporter           Ned Williamson
Impact             critical

Description

A malicious peer could have modified a COOKIE-ECHO chunk in an SCTP
packet in a way that potentially resulted in a use-after-free. We
presume that with enough effort it could have been exploited to run
arbitrary code.


References

    Bug 1683964
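
Added example, not part of the Mozilla or CERT-Renater text: a triage script that applies the "prior to 78.6.1" criterion to an inventory of reported Thunderbird versions. The inventory format (host, tab, version output), the host names and the status labels are assumptions made for this example.

```python
import re

FIXED = (78, 6, 1)  # first fixed Thunderbird release named in the advisory

# Constructed sample inventory: "<host>\t<version output>" (not real data).
SAMPLE = """\
ws-01\tThunderbird 78.6.0
ws-02\tMozilla Thunderbird 78.6.1
ws-03\tThunderbird 68.12.1
ws-04\tThunderbird 78.6
ws-05\tcommand not found
ws-06\tThunderbird 78.7.0
"""

def parse_version(text):
    """Return the first dotted version in text as a tuple of ints, or None."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if m is None:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    parts += [0] * (3 - len(parts))  # "78.6" is compared as 78.6.0
    return tuple(parts)

def classify(version_output):
    """Apply the advisory's criterion: versions prior to 78.6.1 are affected."""
    version = parse_version(version_output)
    if version is None:
        return "unknown"  # no version found: needs a manual check
    return "affected" if version < FIXED else "not_affected"

def triage(inventory):
    """Map each host in a tab-separated inventory to its status."""
    result = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, output = line.partition("\t")
        result[host.strip()] = classify(output)
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" returned no parseable version and should be checked by hand rather than assumed patched.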



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


