CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS
Percentile
48.4%
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly
other versions, does not notify users when it cannot establish a secure
channel with the server, which allows remote attackers to obtain
authentication information without detection via a man-in-the-middle (MITM)
attack that bypasses TLS authentication or downgrades CRAM-MD5
authentication to plain authentication.