Mozilla Thunderbird < 126.96.36.199 Certificate Authority (CA) Common Null Byte Handling SSL MiTM Weakness
Medium Log Correlation Engine Plugin ID 801349
SynopsisThe remote host contains a mail client that is affected by a security bypass vulnerability.
DescriptionThe installed version of Mozilla Thunderbird is earlier than 188.8.131.52. Such versions are potentially affected by the following security issue :
- The client can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42)
SolutionUpgrade to Thunderbird 184.108.40.206 or later.