Mozilla Thunderbird CVE-2015-4000 Weak Encryption Vulnerability

description-logoDescription

Security researcher Matthew Green reported a DiffieHellman (DHE) key processing issue in Network Security Services (NSS) where a man-in-the-middle (MITM) attacker can force a server to downgrade TLS connections to 512-bit export-grade cryptography by modifying client requests to include only export-grade cipher suites. The resulting weak key can then be leveraged to impersonate the server. This attack is detailed in the "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" paper and is known as the "Logjam Attack."

affected-products-logoAffected Applications

Thunderbird

CVE References

CVE-2015-4000