1. Home
  2. Vulnerabilities
  3. CVE-2021-38502

CVE-2021-38502

CVSS v3.1 5.9 (Medium)
59% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.20 % (57th)
0.20% Progress
Affected Products 2
Advisories 14
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2021-11-03 01:15:07
(2 years ago)
Updated Date
2022-07-12 17:42:04
(2 years ago)

Affected Products

Debian

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Thunderbird prior 91.2 version cpe:2.3:a:mozilla:thunderbird < 91.2

Configuration #2

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0
  Debian Linux 11.0 cpe:2.3:o:debian:debian_linux:11.0