Main Vulnerability Database Vulnerabilities #VU25129

#VU25129 Use of insufficiently random values in Mozilla Thunderbird - CVE-2020-6792

Published: February 11, 2020

Vulnerability identifier: #VU25129

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6792

CWE-ID: CWE-330

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Thunderbird

Software vendor:
Mozilla

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to an error in the message ID calculation processes that used uninitialized data in addition to the message contents.

Install updates from vendor's website.