vulnerability
MFSA2020-56 Thunderbird: Security Vulnerabilities fixed in Thunderbird 78.6 (CVE-2020-26973)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Dec 15, 2020 | Dec 16, 2020 | Mar 27, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Dec 15, 2020
Added
Dec 16, 2020
Modified
Mar 27, 2026
Description
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Solution
mozilla-thunderbird-upgrade-78_6
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.