[CentOS] [security] Thunderbird vulnerable to MITM
Leonard den Ottolander
leonard at den.ottolander.nl
Mon Aug 24 11:07:41 UTC 2015
Hello,
On Sat, 2015-08-22 at 08:05 -0700, Alice Wonder wrote:
> Thunderbird has a MITM vulnerability with its otherwise rather groovy
> auto-configuration feature.
>
> The problem is that it makes requests via HTTP to retrieve the auto
> configuration information.
>
> This allows a black hat (e.g. the NSA) to modify the results sent to the
> client, and the client has no way to verify the results have not been
> tampered with.
Thank you for pointing out this vulnerability. However,
https://lists.mozilla.org/listinfo/dev-apps-thunderbird seems like a
more appropriate place to discuss your concerns. I doubt Red Hat will
address this issue without upstream involvement and I'm sure CentOS will
not.
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
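
The risk described in the quoted report, shown as an added example that is not part of the original thread and is not Thunderbird's own code: a Python audit of one fetched autoconfig document that flags retrieval over plain HTTP and reviews the server settings it carries. The `config-v1.1.xml` layout, the source URL, the function name and all host names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample in the autoconfig (config-v1.1.xml) layout; not real data.
SAMPLE_XML = """<clientConfig version="1.1">
  <emailProvider id="example.com">
    <incomingServer type="imap">
      <hostname>imap.example.com</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>smtp.example.net</hostname>
      <port>25</port>
      <socketType>plain</socketType>
    </outgoingServer>
  </emailProvider>
</clientConfig>"""


def audit_autoconfig(source_url, xml_text, mail_domain):
    """Return a list of findings for one fetched autoconfig document."""
    findings = []
    # Transport check: a document fetched over plain HTTP has no integrity
    # protection, so the client cannot tell whether it was modified in transit.
    if urlsplit(source_url).scheme.lower() != "https":
        findings.append("fetched over unauthenticated transport: " + source_url)
    # For untrusted input in production, prefer a hardened XML parser
    # (for example the third-party defusedxml package).
    root = ET.fromstring(xml_text)
    for server in root.iter():
        if server.tag not in ("incomingServer", "outgoingServer"):
            continue
        host = (server.findtext("hostname") or "").strip().lower()
        sock = (server.findtext("socketType") or "").strip().lower()
        kind = server.get("type", "?")
        # Content checks: settings worth reviewing before they are accepted.
        if sock == "plain":
            findings.append(f"{kind} server {host} uses no TLS")
        if host != mail_domain and not host.endswith("." + mail_domain):
            findings.append(f"{kind} server {host} is outside {mail_domain}")
    return findings
```

The content checks are heuristics only: a provider may legitimately host mail under another domain, so a clean transport check matters more than any single setting.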