Bug 1846556 (CVE-2020-12398)

Summary: CVE-2020-12398 Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage
Product: [Other] Security Response Reporter: msiddiqu
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: cschalle, gecko-bugs-nobody, jhorak, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: thunderbird 68.9.0 Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-06-19 05:20:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1840095, 1840096, 1840097, 1840098, 1840099, 1840100, 1840101    
Bug Blocks: 1840093    

Description msiddiqu 2020-06-11 22:09:40 UTC 
If Thunderbird is configured to use STARTTLS for an IMAP
server, and the server sends a PREAUTH response, then
Thunderbird will continue with an unencrypted connection,
causing email data to be sent without protection.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
Comment 1 msiddiqu 2020-06-11 22:09:45 UTC 
Acknowledgments:

Name: the Mozilla project
Upstream: Damian Poddebniak
Comment 2 errata-xmlrpc 2020-06-19 01:53:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2616 https://access.redhat.com/errata/RHSA-2020:2616
Comment 3 errata-xmlrpc 2020-06-19 01:54:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2611 https://access.redhat.com/errata/RHSA-2020:2611
Comment 4 errata-xmlrpc 2020-06-19 03:07:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:2613 https://access.redhat.com/errata/RHSA-2020:2613
Comment 5 errata-xmlrpc 2020-06-19 03:18:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2614 https://access.redhat.com/errata/RHSA-2020:2614
Comment 6 Product Security DevOps Team 2020-06-19 05:20:38 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12398
Comment 7 errata-xmlrpc 2020-06-22 09:37:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2615 https://access.redhat.com/errata/RHSA-2020:2615