Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2007-1558: Mozilla products: Multiple vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Gentoo Linux: CVE-2007-1558: Mozilla products: Multiple vulnerabilities

Severity

CVSS

(AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published

04/16/2007

Created

07/25/2018

Added

10/30/2017

Modified

10/30/2017

Description

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Solution(s)

gentoo-linux-upgrade-mail-client-mozilla-thunderbird
gentoo-linux-upgrade-mail-client-mozilla-thunderbird-bin
gentoo-linux-upgrade-net-libs-xulrunner
gentoo-linux-upgrade-www-client-mozilla-firefox
gentoo-linux-upgrade-www-client-mozilla-firefox-bin
gentoo-linux-upgrade-www-client-seamonkey
gentoo-linux-upgrade-www-client-seamonkey-bin

References

https://attackerkb.com/topics/cve-2007-1558
APPLE-SA-2007-05-24
23257
TA07-151A
CVE - 2007-1558
DSA-1300
DSA-1305
200706-06
OVAL9782
RHSA-2007:0344
RHSA-2007:0353
RHSA-2007:0385
RHSA-2007:0386
RHSA-2007:0401
RHSA-2007:0402
RHSA-2009:1140
20070602-01-P
SUSE-SA:2007:036

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;