icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Mozilla Thunderbird < 2.0.0.23 Multiple Vulnerabilities

Medium

Synopsis

The remote host has an email client installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Thunderbird prior to 2.0.0.23 are affected by an SSL spoofing attack. The client can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42)

Solution

Upgrade to Thunderbird 2.0.0.23 or later.