Mozilla Thunderbird < Certificate Authority (CA) Common Null Byte Handling SSL MiTM Weakness

medium Log Correlation Engine Plugin ID 801349


The remote host contains a mail client that is affected by a security bypass vulnerability.


The installed version of Mozilla Thunderbird is earlier than Such versions are potentially affected by the following security issue:

- The client can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42)


Upgrade to Thunderbird or later.

Plugin Details

Severity: Medium

ID: 801349

Family: SMTP Clients

Published: 3/4/2010

Nessus ID: 40664

Risk Information


Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

Patch Publication Date: 8/20/2009

Vulnerability Publication Date: 7/30/2009

Reference Information

CVE: CVE-2009-2408

BID: 35888