Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Thunderbird不安全SMTP认证协议协商漏洞
Vulnerability Description
Mozilla Thunderbird是由Mozilla浏览器的邮件功能部件所改造的邮件工具,使用XUL程序介面语言所设计,是专门为搭配Mozilla Firefox浏览器使用者所设计的邮件客户端软件,介面设计更简洁、而且免安装。 Mozilla Thunderbird 1.0.5 BETA, 1.0.7以及其他可能版本中的SMTP客户机,在无法建立与服务器之间的安全通道时不会通知用户,这可让远程攻击者通过中间人(MITM)攻击绕过TLS认证,或将CRAM-MD5认证降级为明文认证,从而无需检测即可获得认
CVSS Information
N/A
Vulnerability Type
N/A