Mozilla Thunderbird CVE-2015-2741 Weak Encryption Vulnerability

Description

Mozilla security engineer David Keeler reported that when an overridable error is encountered, such as an expired certificate or a host name that does not match the certificate, pinning checks can be skipped. This would allow a user to override a pinned certificate when they should not be able to do so. This issue does not allow third parties to cause a certificate to be overridden; the user would still have to do so manually.
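A simplified model of the flaw class described above, added here as an illustration and not Mozilla's code: one verifier returns as soon as it sees an overridable error and never reaches the pin check, the other evaluates pins first so a pin failure is never overridable. All names, hosts and pin values are hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum

class Verdict(Enum):
    ACCEPT = "accept"
    OVERRIDABLE = "overridable"  # user is offered a click-through exception
    FATAL = "fatal"              # no override is offered

@dataclass(frozen=True)
class Connection:
    host: str        # host the client asked for
    cert_host: str   # name the certificate was issued for
    expired: bool
    spki_hash: str   # placeholder for the key hash a pin is matched against

# Constructed pin set (hypothetical host and values).
PINS = {"mail.example.test": {"PIN-A", "PIN-B"}}

def overridable_errors(conn):
    errs = []
    if conn.expired:
        errs.append("expired")
    if conn.host != conn.cert_host:
        errs.append("hostname-mismatch")
    return errs

def pin_ok(conn):
    pins = PINS.get(conn.host)
    return pins is None or conn.spki_hash in pins  # unpinned hosts pass

def verify_flawed(conn):
    # Early return on an overridable error: the pin check below is skipped.
    if overridable_errors(conn):
        return Verdict.OVERRIDABLE
    return Verdict.ACCEPT if pin_ok(conn) else Verdict.FATAL

def verify_hardened(conn):
    # Pins are evaluated regardless of other errors; failure is final.
    if not pin_ok(conn):
        return Verdict.FATAL
    return Verdict.OVERRIDABLE if overridable_errors(conn) else Verdict.ACCEPT

def divergences(conns):
    """Connections on which the two orderings disagree (regression check)."""
    return [c for c in conns if verify_flawed(c) != verify_hardened(c)]

SAMPLES = [  # constructed test connections
    Connection("mail.example.test", "mail.example.test", False, "PIN-A"),
    Connection("mail.example.test", "mail.example.test", True, "PIN-A"),
    Connection("mail.example.test", "mail.example.test", True, "PIN-X"),
    Connection("mail.example.test", "other.example.test", False, "PIN-X"),
    Connection("unpinned.example.test", "other.example.test", False, "PIN-X"),
]
```

The two verifiers disagree only on connections that combine a pin failure with an overridable error, which is the combination a regression test for this class of bug needs to cover.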

Affected Applications

Thunderbird

CVE References

CVE-2015-2741