UBUNTU-CVE-2020-26970
- Source
- https://ubuntu.com/security/CVE-2020-26970
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-26970.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-26970
- Upstream
- Related
- Published
- 2020-12-09T01:15:00Z
- Modified
- 2025-09-08T16:46:25Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
- References
Affected packages
Ubuntu:18.04:LTS / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:78.8.1+build1-0ubuntu0.18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:78.8.1+build1-0ubuntu0.18.04.1
Affected versions
1:52.*
1:52.4.0+build1-0ubuntu2
1:52.6.0+build1-0ubuntu1
1:52.7.0+build1-0ubuntu1
1:52.8.0+build1-0ubuntu0.18.04.1
1:52.9.1+build3-0ubuntu0.18.04.1
1:60.*
1:60.2.1+build1-0ubuntu0.18.04.2
1:60.4.0+build2-0ubuntu0.18.04.1
1:60.5.1+build2-0ubuntu0.18.04.1
1:60.6.1+build2-0ubuntu0.18.04.1
1:60.7.0+build1-0ubuntu0.18.04.1
1:60.7.1+build1-0ubuntu0.18.04.1
1:60.7.2+build2-0ubuntu0.18.04.1
1:60.8.0+build1-0ubuntu0.18.04.1
1:60.9.0+build1-0ubuntu0.18.04.1
1:68.*
1:68.2.1+build1-0ubuntu0.18.04.1
1:68.2.2+build1-0ubuntu0.18.04.1
1:68.4.1+build1-0ubuntu0.18.04.1
1:68.7.0+build1-0ubuntu0.18.04.1
1:68.8.0+build2-0ubuntu0.18.04.2
1:68.10.0+build1-0ubuntu0.18.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-dev",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
}
]
}
Ubuntu:20.04:LTS / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:78.7.1+build1-0ubuntu0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:78.7.1+build1-0ubuntu0.20.04.1
Affected versions
1:68.*
1:68.1.2+build1-0ubuntu1
1:68.1.2+build1-0ubuntu2
1:68.2.1+build1-0ubuntu1
1:68.2.2+build1-0ubuntu1
1:68.3.0+build2-0ubuntu1
1:68.3.1+build1-0ubuntu2
1:68.4.1+build1-0ubuntu1
1:68.4.2+build2-0ubuntu1
1:68.5.0+build1-0ubuntu1
1:68.6.0+build2-0ubuntu1
1:68.7.0+build1-0ubuntu1
1:68.7.0+build1-0ubuntu2
1:68.8.0+build2-0ubuntu0.20.04.2
1:68.10.0+build1-0ubuntu0.20.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-dev",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
}
]
}