|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2020-26970: MozillaThunderbird: Mozilla Foundation Security Advisory 2020-53 (Thunderbird version 78.5.1) | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Robert Frohl <rfrohl> |
| Component: | Incidents | Assignee: | Martin Sirringhaus <martin.sirringhaus> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P2 - High | CC: | atoptsoglou, cgrobertson, wolfgang |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/272621/ | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
This is an autogenerated message for OBS integration: This bug (1179530) was mentioned in https://build.opensuse.org/request/show/852686 Factory / MozillaThunderbird SUSE-SU-2020:3642-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1179530 CVE References: CVE-2020-26970 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP1 (src): MozillaThunderbird-78.5.1-3.110.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2020:3935-1: An update that fixes 9 vulnerabilities is now available. Category: security (critical) Bug References: 1179530,1180039 CVE References: CVE-2020-16042,CVE-2020-26970,CVE-2020-26971,CVE-2020-26973,CVE-2020-26974,CVE-2020-26978,CVE-2020-35111,CVE-2020-35112,CVE-2020-35113 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP2 (src): MozillaThunderbird-78.6.0-8.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. done |
Security Vulnerabilities fixed in Thunderbird 78.5.1 Announced December 1, 2020 Impact high Products Thunderbird Fixed in Thunderbird 78.5.1 #CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes Reporter Chiaki Ishikawa Impact high Description When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. References Bug 1677338