CVE-2020-12398 log

Severity High
Remote Yes
Type Man-in-the-middle
A security downgrade issue has been found in Thunderbird before 68.9.0. If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection.
Group Package Affected Fixed Severity Status Ticket
AVG-1179 thunderbird 68.8.1-1 68.9.0-1 High Fixed
Date Advisory Group Package Severity Type
06 Jun 2020 ASA-202006-4 AVG-1179 thunderbird High multiple issues