Mozilla Thunderbird is an open source email client. A command injection vulnerability exists in the Mozilla Thunderbird product, which stems from a problem in the way Thunderbird handles IMAP server responses sent prior to the STARTTLS process. An attacker could exploit this vulnerability to send arbitrary IMAP commands before the STARTTLS handshake and execute them after the handshake completes.
CPE | Name | Operator | Version |
---|---|---|---|
mozilla thunderbird | lt | 78.12 |