1063 matches found
CVE-2020-14954
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."...
Debian: Security Advisory (DSA-4707-1)
The remote host is missing an update for the Debian...
Information Disclosure
thunderbird is vulnerable to information disclosure. The security downgrade with IMAP STARTTLS leads to information disclosure...
[SECURITY] [DSA 4707-1] mutt security update
Debian Security Advisory DSA-4707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 19, 2020 https://www.debian.org/security/faq -...
PT-2020-5911 · Mutt +5
Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 1.14.4 NeoMutt versions prior to 2020-06-19 Description: The issue is related to a STARTTLS buffering problem that affects IMAP, SMTP, and POP3 protocols. When a server sends a "begin TLS" response, the client reads...
RHEL 6 : thunderbird (RHSA-2020:2613)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2613 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.9.0. Security Fixes: Mozilla:...
RHEL 8 : thunderbird (RHSA-2020:2616)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2616 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.9.0. Security Fixes: Mozilla:...
Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP
mutt 1.14.4 updates: CVE-2020-14954 - Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP...
OPENSUSE-SU-2020:0799-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 68.9.0 bsc1172402 - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety issues -...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2020:0799-1 Rating: important References: 1172402 Cross-References: CVE-2020-12398 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Affected Products: openSUSE Leap 15.1 An update that fixes four...
CVE-2020-12398
The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...
CVE-2020-12398
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0...
Mozilla Thunderbird < 68.9.0
The version of Thunderbird installed on the remote Windows host is prior to 68.9.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-22 advisory. - Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 68.8. Some of these...
Mozilla Thunderbird < 68.9.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.9.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-22 advisory. - Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 68.8. Som...
Security Vulnerabilities fixed in Thunderbird 68.9.0 — Mozilla
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Mozilla developer Iain Ireland...
CVE-2014-2727
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection...
Command injection
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection...
CVE-2014-2727
The CVE-2014-2727 issue affects MailMarshal’s STARTTLS before version 7.2, enabling plaintext command injection via the STARTTLS implementation. Public sources identify this as a network‑vector vulnerability with high impact and a high score (NVD CVSS v2/v3). The root cause is the STARTTLS handli...
CVE-2014-2727
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection...
CVE-2014-8563
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS...