Main Vulnerability Database Vulnerabilities #VU25127

#VU25127 Cleartext storage of sensitive information in Mozilla Thunderbird - CVE-2020-6794

Published: February 11, 2020

Vulnerability identifier: #VU25127

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6794

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Thunderbird

Software vendor:
Mozilla

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an error password management functionality when working with master password that was updated after Thunderbird 60 release. The old password is still available unencrypted on the system, as Thunderbird did not delete the old password file after update.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/

#VU25127 Cleartext storage of sensitive information in Mozilla Thunderbird - CVE-2020-6794

Description

Remediation

External links

Please verify you're human