Mozilla Thunderbird SMTP down-negotiation behavior allows a man-in-the-middle (MITM) attack to bypass TLS initialization and/or downgrade CRAM-MD5 to PLAIN authentication, leading to exposure of authentication information. Failure in CRAM-MD5 authentication also leads to exposure of authentication information to a passive eavesdropper. Affected versions: Mozilla Thunderbird 1.0.7 (20050923), Mozilla Thunderbird 1.5 Beta 2 (20051006), possibly other programs using the Mozilla mail component.
d7c2c62f53981de1b1e61fbb11de9278cff73769ab86c648b175814f320ba698