Description
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2020-7633 | If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0. |
References
History
No history.
Status: PUBLISHED
Assigner: mozilla
Published:
Updated: 2024-08-04T13:22:30.834Z
Reserved: 2020-07-10T00:00:00.000Z
Link: CVE-2020-15646
No data.
Status : Modified
Published: 2020-10-08T14:15:12.483
Modified: 2026-06-17T02:56:58.510
Link: CVE-2020-15646
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
- NVD-CWE-noinfo
EUVD