CVE-2020-15685

Published: 26 Jan 2021
Source: redhat
CVSS3: 8.8
EPSS: Low

Description

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session.

Report

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Affected packages

| Platform | Package | Status | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | | |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2021:0297 | 28.01.2021 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2021:0298 | 28.01.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | thunderbird | Fixed | RHSA-2021:0397 | 03.02.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | thunderbird | Fixed | RHSA-2021:0299 | 28.01.2021 |

Additional information

Status: Moderate
Weakness: CWE-924
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1921543 (Mozilla: IMAP Response Injection when using STARTTLS)

EPSS: 0.00622 (percentile: 70%, Low)

CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 8.8
ubuntu
about 3 years ago

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.

CVSS3: 8.8
nvd
about 3 years ago

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.

CVSS3: 8.8
debian
about 3 years ago

During the plaintext phase of the STARTTLS connection setup, protocol ...

CVSS3: 8.8
github
about 3 years ago

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.

CVSS3: 6.5
fstec
about 5 years ago

A vulnerability in the Thunderbird mail client related to insufficient validation of input data during IMAP STARTTLS connection setup, allowing an attacker to affect the confidentiality and integrity of protected information
