CVE-2020-6794


If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5.


Published

2020-03-02T05:15:12.260

Last Modified

2024-11-21T05:36:11.730

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-312
    CWE-459
    CWE-522

Affected Vendors & Products
Type              Vendor     Product       Version/Range  Vulnerable?
Application       mozilla    thunderbird   < 68.5.0       Yes
Operating System  canonical  ubuntu_linux  16.04          Yes
Operating System  canonical  ubuntu_linux  18.04          Yes
Operating System  canonical  ubuntu_linux  19.10          Yes
