CVE-2020-12398 – Thunderbird

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.


Leave a Reply

Your email address will not be published. Required fields are marked *