[CentOS] [security] Thunderbird vulnerable to MITM
Leonard den Ottolander
leonard at den.ottolander.nlMon Aug 24 11:07:41 UTC 2015
- Previous message: [CentOS] [security] Thunderbird vulnerable to MITM
- Next message: [CentOS] [security] Thunderbird vulnerable to MITM
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello, On Sat, 2015-08-22 at 08:05 -0700, Alice Wonder wrote: > Thunderbird has a MITM vulnerability with its otherwise rather groovy > auto-configuration feature. > > The problem is that it makes requests via HTTP to retrieve the auto > configuration information. > > This allows a black hat (e.g. the NSA) to modify the results sent to the > client, and the client has no way to verify the results have not been > tampered with. Thank you for pointing out this vulnerability. However, https://lists.mozilla.org/listinfo/dev-apps-thunderbird seems like a more appropriate place to discuss your concerns. I doubt Red Hat will address this issue without upstream involvement and I'm sure CentOS will not. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research
- Previous message: [CentOS] [security] Thunderbird vulnerable to MITM
- Next message: [CentOS] [security] Thunderbird vulnerable to MITM
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list