CVE-2020-12397
Publication date 7 May 2020
Last updated 24 July 2024
Ubuntu priority
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| thunderbird | 20.04 LTS focal |
Fixed 1:68.8.0+build2-0ubuntu0.20.04.2
|
| 18.04 LTS bionic |
Fixed 1:68.8.0+build2-0ubuntu0.18.04.2
|
|
| 16.04 LTS xenial |
Fixed 1:68.8.0+build2-0ubuntu0.16.04.2
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-4373-1
- Thunderbird vulnerabilities
- 26 May 2020