1. Home
  2. Security Advisories
  3. Mozilla
  4. MFSA-2021-02

[MFSA-2021-02] Security Vulnerabilities fixed in Thunderbird 78.6.1

Severity Critical
Affected Packages 1
Fixed Packages 1
CVEs 1
Info Packages References Vulnerabilities

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

  • CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (critical) A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.
Package Affected Version
pkg:mozilla/Thunderbird < 78.6.1
Package Fixed Version
pkg:mozilla/Thunderbird = 78.6.1
ID
MFSA-2021-02
Severity
critical
URL
https://www.mozilla.org/en-US/security/advisories/mfsa2021-02
Published
2021-01-11T00:00:00
(3 years ago)
Modified
2021-01-11T00:00:00
(3 years ago)
Other Advisories
Source # ID Name URL
Bugzilla 1683964 https://bugzilla.mozilla.org/show_bug.cgi?id=1683964
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:mozilla/Thunderbird Thunderbird < 78.6.1
Fixed pkg:mozilla/Thunderbird Thunderbird = 78.6.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date