PT-2020-5643 · Mozilla+6 · Thunderbird+6

0Xsobky +1 · Published 2020-05-05 · Updated 2024-06-15 · CVE-2020-12397

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Thunderbird versions prior to 68.8.0

Description

The issue is related to errors in processing Unicode characters in the message header, allowing a remote attacker to spoof the sender's email address displayed by Thunderbird. This is achieved by encoding Unicode whitespace characters within the From email header.

Recommendations

For versions prior to 68.8.0, update to version 68.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the display of email headers to minimize the risk of exploitation.

Fix

Origin Validation Error

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1916
ALT-PU-2020-1933
BDU:2021-01343
CESA-2020_2046
CESA-2020_2049
CESA-2020_2050
CVE-2020-12397
DLA-2206-1
DSA-4683-1
MGASA-2020-0209
OPENSUSE-SU-2020:0643-1
OPENSUSE-SU-2020_0643-1
OPENSUSE-SU-2024:10601-1
RHSA-2020:2046
RHSA-2020:2047
RHSA-2020:2048
RHSA-2020:2049
RHSA-2020:2050
RHSA-2020_2046
RHSA-2020_2049
RHSA-2020_2050
SUSE-SU-2020:1225-1
USN-4373-1

Affected Products

ALT Linux
CentOS
Linux Mint
Red Hat
SUSE
Thunderbird
Ubuntu