Vulnerabilities > CVE-2005-3402 - Unspecified vulnerability in Mozilla Thunderbird 1.0.5/1.0.7
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |