thunderbird is vulnerable to arbitrary code execution. When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable.
Vendor | Product | Version | CPE |
---|---|---|---|
- | thunderbird\ | sid | cpe:2.3:a:-:thunderbird\:sid:1\:78.5.0-1:*:*:*:*:*:*:* |
- | thunderbird\ | stretch | cpe:2.3:a:-:thunderbird\:stretch:1\:68.10.0-1~deb9u1:*:*:*:*:*:*:* |
- | thunderbird\ | stretch | cpe:2.3:a:-:thunderbird\:stretch:1\:52.9.1-1~deb9u1:*:*:*:*:*:*:* |
- | thunderbird\ | stretch | cpe:2.3:a:-:thunderbird\:stretch:1\:60.9.0-1~deb9u1:*:*:*:*:*:*:* |
- | thunderbird\ | buster | cpe:2.3:a:-:thunderbird\:buster:1\:60.9.0-1~deb10u1:*:*:*:*:*:*:* |
- | thunderbird\ | buster | cpe:2.3:a:-:thunderbird\:buster:1\:78.5.0-1~deb10u1:*:*:*:*:*:*:* |
- | thunderbird\ | buster | cpe:2.3:a:-:thunderbird\:buster:1\:68.12.0-1~deb10u1:*:*:*:*:*:*:* |
- | thunderbird\ | bullseye | cpe:2.3:a:-:thunderbird\:bullseye:1\:78.5.0-1:*:*:*:*:*:*:* |
- | thunderbird | 31.8.0_1.ael7b_1 | cpe:2.3:a:-:thunderbird:31.8.0_1.ael7b_1:*:*:*:*:*:*:* |
- | thunderbird | 68.3.0_1.el7.centos | cpe:2.3:a:-:thunderbird:68.3.0_1.el7.centos:*:*:*:*:*:*:* |