CVE-2020-12398

Published: 02 Jun 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection.
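
The client-side check this description implies, as an added example (not Thunderbird's code and not the actual fix): when policy requires STARTTLS, a PREAUTH greeting must end the connection, because IMAP only allows STARTTLS before authentication (RFC 3501). The names `next_step` and `PolicyError` are hypothetical, and the greetings used to exercise it are constructed.

```python
import re

# RFC 3501 greeting: "* OK ...", "* PREAUTH ..." or "* BYE ...", optionally
# followed by a bracketed response code such as [CAPABILITY ...].
GREETING_RE = re.compile(rb"^\* (OK|PREAUTH|BYE)(?: \[([^\]]*)\])?", re.IGNORECASE)


class PolicyError(Exception):
    """The connection must be closed instead of continuing."""


def next_step(greeting: bytes, require_starttls: bool, tls_active: bool = False) -> str:
    """Return the next allowed client action: "STARTTLS", "LOGIN" or "SELECT".

    Raises PolicyError rather than letting the session continue in cleartext
    when the account is configured to require STARTTLS.
    """
    m = GREETING_RE.match(greeting.strip())
    if m is None:
        raise PolicyError("malformed greeting")
    status = m.group(1).upper()
    code = (m.group(2) or b"").upper().split()
    if status == b"BYE":
        raise PolicyError("server refused the connection")
    if tls_active or not require_starttls:
        # Either already encrypted, or the user did not ask for STARTTLS.
        return "SELECT" if status == b"PREAUTH" else "LOGIN"
    # From here on: TLS is required and the channel is still cleartext.
    if status == b"PREAUTH":
        # Already authenticated, so STARTTLS can no longer be issued.
        # Continuing here is the downgrade described above; abort instead.
        raise PolicyError("PREAUTH on a cleartext channel, cannot upgrade")
    if code and code[0] == b"CAPABILITY" and b"STARTTLS" not in code:
        raise PolicyError("server does not advertise STARTTLS")
    return "STARTTLS"
```
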

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | thunderbird | Out of support scope | | |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2020:2613 | 19.06.2020 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2020:2615 | 22.06.2020 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2020:2614 | 22.06.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2020:2616 | 19.06.2020 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | thunderbird | Fixed | RHSA-2020:2611 | 19.06.2020 |

Additional information

Status: Important
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1846556
Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

EPSS

Percentile: 49%
0.00262
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

CVSS3: 7.5
nvd
more than 5 years ago

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

CVSS3: 7.5
debian
more than 5 years ago

If Thunderbird is configured to use STARTTLS for an IMAP server, and t ...

github
more than 3 years ago

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

suse-cvrf
more than 5 years ago

Security update for MozillaThunderbird
