{"id":"MGASA-2020-0300","summary":"Updated thunderbird packages fix security vulnerability","details":"If Thunderbird is configured to use STARTTLS for an IMAP server, and the server\nsends a PREAUTH response, then Thunderbird will continue with an unencrypted\nconnection, causing email data to be sent without protection (CVE-2020-12398).\n\nWhen browsing a malicious page, a race condition in our SharedWorkerService\ncould occur and lead to a potentially exploitable crash due to a use-after-free\n(CVE-2020-12405).\n\nMozilla developer Iain Ireland discovered a missing type check during unboxed\nobjects removal, resulting in a crash due to type confusion with NativeTypes. We\npresume that with enough effort that it could be exploited to run arbitrary code\n(CVE-2020-12406).\n\nMozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs\npresent in Firefox ESR 68.8. Some of these bugs showed evidence of memory\ncorruption and we presume that with enough effort some of these could have been\nexploited to run arbitrary code (CVE-2020-12410).\n\nManipulating individual parts of a URL object could have caused an\nout-of-bounds read, leaking process memory to malicious JavaScript\n(CVE-2020-12418).\n\nWhen processing callbacks that occurred during window flushing in the parent\nprocess, the associated window may die; causing a use-after-free in\nnsGlobalWindowInner. This could have led to memory corruption and a\npotentially exploitable crash (CVE-2020-12419).\n\nWhen trying to connect to a STUN server, a race condition could have caused a\nuse-after-free of a pointer, leading to memory corruption and a potentially\nexploitable crash (CVE-2020-12420).\n\nIf an attacker intercepts Thunderbird's initial attempt to perform automatic\naccount setup using the Microsoft Exchange autodiscovery mechanism, and the\nattacker sends a crafted response, then Thunderbird sends username and\npassword over https to a server controlled by the attacker (MFSA-2020-0001).\n\nWhen performing add-on updates, certificate chains terminating in\nnon-built-in-roots were rejected (even if they were legitimately added by an\nadministrator.) This could have caused add-ons to become out-of-date silently\nwithout notification to the user (CVE-2020-12421).\n","modified":"2026-04-16T00:08:54.483211741Z","published":"2020-07-31T23:25:42Z","upstream":["CVE-2020-12398","CVE-2020-12405","CVE-2020-12406","CVE-2020-12410","CVE-2020-12418","CVE-2020-12419","CVE-2020-12420","CVE-2020-12421"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0300.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26891"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"68.10.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0300.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"68.10.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0300.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}