CVE-2020-6795: 
NixOS vulnerability analysis and mitigation

CVE-2020-6795 is a vulnerability discovered in Mozilla Thunderbird versions prior to 68.5. The vulnerability was disclosed on February 11, 2020, and involves a bug in the MIME processing code when handling messages containing multiple S/MIME signatures. This issue affects the email client's ability to properly process certain types of signed messages (Mozilla Advisory).

The vulnerability stems from a null pointer dereference that occurs during the processing of messages containing multiple S/MIME signatures. When processing such messages, a bug in the MIME processing code causes a crash due to attempting to access a null pointer. The issue has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

The vulnerability results in an unexploitable crash of the Thunderbird application when processing certain types of S/MIME signed messages. While the crash affects availability, it has been confirmed to be unexploitable for code execution or other more severe impacts (Mozilla Advisory).

The vulnerability was fixed in Thunderbird version 68.5. Users are advised to upgrade to this version or later to resolve the issue. Various Linux distributions have also released security updates to address this vulnerability, including Ubuntu (versions 19.10, 18.04 LTS, and 16.04 LTS) and Gentoo (Ubuntu Notice, Gentoo Advisory).