CVE-2005-3402
Published: 1 November 2005
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
Priority
Status
Package | Release | Status |
---|---|---|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life)
|
|
feisty |
Ignored
(end of life)
|
|
upstream |
Needs triage
|