5.9

CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaThunderbird Version < 91.2
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.07% 0.603
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2022/dsa-5034
Third Party Advisory
Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2021-47/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1733366
Vendor Advisory
Issue Tracking
Permissions Required