 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2021-38502 |
| Description: | Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-38502 Debian Security Information: DSA-5034 (Google Search) https://www.debian.org/security/2022/dsa-5034 https://bugzilla.mozilla.org/show_bug.cgi?id=1733366 https://bugzilla.mozilla.org/show_bug.cgi?id=1733366 https://www.mozilla.org/security/advisories/mfsa2021-47/ https://www.mozilla.org/security/advisories/mfsa2021-47/ https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html |