Описание
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | ignored | negligible |
| edgy | ignored | end of life |
| feisty | ignored | end of life |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
2.6 Low
CVSS2
Связанные уязвимости
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
EPSS
2.6 Low
CVSS2