CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

Mozilla: IMAP Response Injection when using STARTTLS

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...

Mozilla: IMAP Response Injection when using STARTTLS

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...

Mozilla: IMAP Response Injection when using STARTTLS

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...

Mozilla: IMAP Response Injection when using STARTTLS

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...

Oracle Linux 7 : thunderbird (ELSA-2021-0297)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-0297 advisory. 78.7.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.7.0-1 - Update to 78.7.0 Tenable has extracted...

spamdyke -- STARTTLS Plaintext Injection Vulnerability

Secunia reports: The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data e.g. SMTP commands during the...

STARTTLS plaintext command injection vulnerability

Overview Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. Description STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade a plaintext connection to an encrypted TLS or SSL connection...