Thunderbird stack overflow due to incorrect parsing of SMTP server response codes [CVE-2020-26970]
CVE number CVE-2020-26970
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable.
Fixed in
- Thunderbird 78.5.1
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.