Описание
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| thunderbird | fixed | 1:78.7.0-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685
EPSS
Связанные уязвимости
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.
Уязвимость почтового клиента Thunderbird, связанная с недостаточной проверкой вводимых данных на этапе настройки соединения IMAP STARTTLS, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
EPSS