PT-2007-2942 · Gnome+6 · Balsa+8
Published: 2007-04-16 · Updated: 2024-06-15 · CVE-2007-1558
CVSS v2.0: 2.6 (Low)
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Thunderbird versions 1.x prior to 1.5.0.12
Thunderbird versions 2.x prior to 2.0.0.4
Evolution (affected versions not specified)
mutt (affected versions not specified)
fetchmail versions prior to 6.3.8
SeaMonkey versions 1.0.x prior to 1.0.9
SeaMonkey versions 1.1.x prior to 1.1.2
Balsa version 2.3.16 and earlier
Mailfilter versions prior to 0.8.2
Description
The APOP protocol is susceptible to man-in-the-middle (MITM) attacks that allow remote attackers to guess the first 3 characters of a password by using crafted message IDs and MD5 collisions.
Recommendations
For Thunderbird versions 1.x, update to version 1.5.0.12 or later.
For Thunderbird versions 2.x, update to version 2.0.0.4 or later.
For fetchmail, update to version 6.3.8 or later.
For SeaMonkey versions 1.0.x, update to version 1.0.9 or later.
For SeaMonkey versions 1.1.x, update to version 1.1.2 or later.
For Balsa, update to a version later than 2.3.16.
For Mailfilter, update to version 0.8.2 or later.
For Evolution and mutt, no information is currently available about a newer version that contains a fix for this issue.
Affected Products
Balsa
Evolution
HP-UX
Mailfilter
Red Hat
SeaMonkey
Thunderbird
Fetchmail
Mutt