Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Thunderbird < 2.0.0.23 Certificate Authority (CA) Common Null Byte Handling SSL MiTM Weakness

Medium

Synopsis

The remote host contains a mail client that is affected by a security bypass vulnerability.

Description

The installed version of Mozilla Thunderbird is earlier than 2.0.0.23. Such versions are potentially affected by the following security issue :

- The client can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42)

Solution

Upgrade to Thunderbird 2.0.0.23 or later.