Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2020-12398: CVE-2020-12398 Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Red Hat: CVE-2020-12398: CVE-2020-12398 Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (Multiple Advisories)

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

06/18/2020

Created

06/24/2020

Added

06/23/2020

Modified

12/15/2023

Description

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

Solution(s)

redhat-upgrade-thunderbird
redhat-upgrade-thunderbird-debuginfo
redhat-upgrade-thunderbird-debugsource

References

CVE-2020-12398
RHSA-2020:2611
RHSA-2020:2614
RHSA-2020:2615

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2020-12398: CVE-2020-12398 Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (Multiple Advisories)

Red Hat: CVE-2020-12398: CVE-2020-12398 Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.