Re: [security] Thunderbird vulnerable to MITM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hello,

On Sat, 2015-08-22 at 08:05 -0700, Alice Wonder wrote:
> Thunderbird has a MITM vulnerability with its otherwise rather groovy 
> auto-configuration feature.
> 
> The problem is that it makes requests via HTTP to retrieve the auto 
> configuration information.
> 
> This allows a black hat (e.g. the NSA) to modify the results sent to the 
> client, and the client has no way to verify the results have not been 
> tampered with.

Thank you for pointing out this vulnerability. However, 
https://lists.mozilla.org/listinfo/dev-apps-thunderbird seems like a
more appropriate place to discuss your concerns. I doubt Red Hat will
address this issue without upstream involvement and I'm sure CentOS will
not.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux