Showing 1 - 6 of 6

CVE-2021-38502

Status Candidate

Overview

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

Related Files

Debian Security Advisory 5034-1: Posted Jan 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5034-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade attacks on SMTP STARTTLS connections or misleading display of OpenPGP/MIME signatures.; tags | advisory, arbitrary, spoof, info disclosure; systems | linux, debian; advisories | CVE-2021-38496, CVE-2021-38500, CVE-2021-38502, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-4126, CVE-2021-43528, CVE-2021-43529, CVE-2021-43534, CVE-2021-43535; SHA-256 | f888fa76ca31bfbcac032ef3035755456561fe803b0f061a25f987500c7081ac; Download | Favorite | View

Ubuntu Security Notice USN-5248-1: Posted Jan 24, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5248-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code.; tags | advisory, denial of service, arbitrary, spoof; systems | linux, ubuntu; advisories | CVE-2021-29981, CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38502, CVE-2021-38503, CVE-2021-38504, CVE-2021-38508, CVE-2021-38509, CVE-2021-4126, CVE-2021-43528, CVE-2021-43536, CVE-2021-43537, CVE-2021-43541, CVE-2021-43542, CVE-2021-43656, CVE-2021-44538, CVE-2022-22737, CVE-2022-22740, CVE-2022-22741, CVE-2022-22745, CVE-2022-22747; SHA-256 | ee94116ff4e4b3081cc98a796565452f32b9979d45115195dba7be2d4510ee9a; Download | Favorite | View

Red Hat Security Advisory 2021-3841-01: Posted Oct 13, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3841-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.; tags | advisory, vulnerability; systems | linux, redhat; advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502; SHA-256 | d140dd7f9f644cedee174f9db631321c570cb71993aabebe6381cd1bf62d5a2c; Download | Favorite | View

Red Hat Security Advisory 2021-3838-01: Posted Oct 13, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3838-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.; tags | advisory, vulnerability; systems | linux, redhat; advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502; SHA-256 | e13df085807f4a6696c0a03687c48746ba4f3a0b4277d80a474aeebeffaf8bd6; Download | Favorite | View

Red Hat Security Advisory 2021-3840-01: Posted Oct 13, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3840-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.; tags | advisory, vulnerability; systems | linux, redhat; advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502; SHA-256 | 4758ce692a082d3ba58aa9cb273bb63485a4af02556e5136efb033f70944e8eb; Download | Favorite | View

Red Hat Security Advisory 2021-3839-01: Posted Oct 13, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3839-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.; tags | advisory, vulnerability; systems | linux, redhat; advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502; SHA-256 | df42751e3fccd0c823c188f062a5cac14fc8e08ca7e9a0ed6b006e9653e7b9f8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2021-38502

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems