Hello, On Sat, 2015-08-22 at 08:05 -0700, Alice Wonder wrote: > Thunderbird has a MITM vulnerability with its otherwise rather groovy > auto-configuration feature. > > The problem is that it makes requests via HTTP to retrieve the auto > configuration information. > > This allows a black hat (e.g. the NSA) to modify the results sent to the > client, and the client has no way to verify the results have not been > tampered with. Thank you for pointing out this vulnerability. However, https://lists.mozilla.org/listinfo/dev-apps-thunderbird seems like a more appropriate place to discuss your concerns. I doubt Red Hat will address this issue without upstream involvement and I'm sure CentOS will not. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research