Mozilla Foundation Security Advisory 2020-53

#CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes

Reporter

Chiaki Ishikawa

Impact

high

Description

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable.

References

• Bug 1677338