Mozilla Thunderbird < 22.214.171.124 Certificate Authority (CA) Common Name Null Byte Handling SSL MiTM Weakness
Medium Nessus Plugin ID 40664
SynopsisThe remote Windows host contains a mail client that is affected by a security bypass vulnerability.
DescriptionThe installed version of Thunderbird is earlier than 126.96.36.199. Such versions are potentially affected by the following security issue :
- The client can be fooled into trusting a malicious SSL server certificate with a null character in the host name.
SolutionUpgrade to Thunderbird 188.8.131.52 or later.