gHacks technology news » thunderbird security http://www.ghacks.net A technology blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas. Mon, 09 Nov 2009 10:11:12 +0000 http://wordpress.org/?v=2.8.5 en hourly 1 Thunderbird Security Update To 2.0.0.17 http://www.ghacks.net/2008/09/26/thunderbird-security-update-to-20017/ http://www.ghacks.net/2008/09/26/thunderbird-security-update-to-20017/#comments Fri, 26 Sep 2008 07:08:47 +0000 Martin http://www.ghacks.net/?p=7232 Just a day after updating both Firefox version 3 and 2 the Mozilla Thunderbird development team released a update for Thunderbird which raises the version of the email client to 2.0.0.17.

The update is a security update and it is therefor recommended to update immediately if Thunderbird is installed and in use on a computer system.

Interested users can take a look at the release notes for the new version which contain a link to the security issues that have been fixed.

The update fixes the following two critical and five moderate security vulnerabilities that can be exploited in earlier versions of the mail client:

  • MFSA 2008-46 Heap overflow when canceling newsgroup message
  • MFSA 2008-44 resource: traversal vulnerabilities
  • MFSA 2008-43 BOM characters stripped from JavaScript before execution
  • MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
  • MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
  • MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
  • MFSA 2008-37 UTF-8 URL stack buffer overflow

The update checks in the email client can be used to download the latest version. Users find that option in the Help > Check for Updates menu in Thunderbird. Everyone else can use the link posted above to download the email client Thunderbird from the official Mozilla website.

Tags: , , , , ,

Related posts

]]> http://www.ghacks.net/2008/09/26/thunderbird-security-update-to-20017/feed/ 0 Thunderbird 2.0.0.6 is out http://www.ghacks.net/2007/08/02/thunderbird-2006-is-out/ http://www.ghacks.net/2007/08/02/thunderbird-2006-is-out/#comments Thu, 02 Aug 2007 06:08:50 +0000 Martin http://www.ghacks.net/2007/08/02/thunderbird-2006-is-out/ After releasing the Firefox update to 2.0.0.6 early because of a serious security vulnerability the update for Thunderbird was released on schedule. The automatic update routine is already suggesting to update Thunderbird to its newest version and the website has been updated with the latest information as well.

The same security vulnerabilities that have been fixed in Firefox 2.0.0.6 have also been fixed in Thunderbird which means that you should update immediately to the latest version. As far as I can tell there are no new features in this version, at least all my extensions are still working fine.

The Rumbling Edge lists the following three fixes for Thunderbird 2.0.0.6

Fixed: MFSA 2007-27 – Unescaped URIs passed to external programs (Critical)
Fixed: MFSA 2007-26 – Privilege escalation through chrome-loaded about:blank windows (Moderate)
Fixed: 389106 – firefox may not escape quotes everywhere

Tags: , ,

Related posts

]]> http://www.ghacks.net/2007/08/02/thunderbird-2006-is-out/feed/ 0