A security issue was found in Thunderbird before version 78.7. During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session.
A security issue was found in Thunderbird before version 78.7. During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session.
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685 https://bugzilla.mozilla.org/show_bug.cgi?id=1622640