Rewterz Threat Advisory – Multiple Mozilla Thunderbird Vulnerabilities

Severity

High

Analysis Summary

CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays.

CVE-2020-12387

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash.

CVE-2020-6831

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash.

CVE-2020-12392

The ‘Copy as cURL’ feature of Devtools’ network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the ‘Copy as cURL’ feature and pasted the command into a terminal, it could have resulted in the disclosure of local files.

CVE-2020-12393

The ‘Copy as cURL’ feature of Devtools’ network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the ‘Copy as cURL’ feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.

CVE-2020-12395

Mozilla Firefox could allow a remote malicious user to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

• Sender email address spoofing
• Buffer overflow
• Arbitrary command execution
• Denial of service

Affected Vendors

Mozilla

Affected Products

Thunderbird

Remediation