Mozilla Thunderbird < 22.214.171.124 Certificate Authority (CA) Common Null Byte Handling SSL MiTM Weakness
Medium Log Correlation Engine Plugin ID 801349
SynopsisThe remote host contains a mail client that is affected by a security bypass vulnerability.
DescriptionThe installed version of Mozilla Thunderbird is earlier than 126.96.36.199. Such versions are potentially affected by the following security issue :
- The client can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42)
SolutionUpgrade to Thunderbird 188.8.131.52 or later.