This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
CVSS 3.x Severity and Metrics:
NVD score not yet provided.
CVSS 2.0 Severity and Metrics: