CVE-2021-38502 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Man-in-the-middle
Description	Thunderbird before version 91.2 ignored the configuration to require STARTTLS security for an SMTP connection. A man-in-the-middle (MITM) could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2459	thunderbird	91.1.2-1	91.2.0-1	High	Fixed

References
https://www.mozilla.org/security/advisories/mfsa2021-47/ https://bugzilla.mozilla.org/show_bug.cgi?id=1733366