CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
48.4%
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | thunderbird | 1.0.5 | cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:* |
mozilla | thunderbird | 1.0.7 | cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:* |