Thunderbird 52.8.0 security update released - gHacks Tech News

Thunderbird 52.8.0 security update released

Thunderbird 52.8.0 is a new version of the popular cross-platform email client that fixes several security vulnerabilities in the email client.

Existing Thunderbird users can run a check for updates from within the client; to do that, tap on the Alt-key on the keyboard and select Help > About Thunderbird.

The update check should pick up the new version 52.8.0 so that it is downloaded to the local system and installed.

Thunderbird 52.8.0 is available as a standalone download from the official project website as well. You may use the installer to upgrade existing installations of the email client or install it anew on a supported system.

Thunderbird 52.8.0

thunderbird 52.8.0

The release notes highlight changes and issues. Thunderbird 52.8.0 is a security update for the email client that fixes several security issues. Several security issues received the highest impact rating of critical.

Thunderbird 52.8.0 protects emails against some exploits of EFAIL, a recently disclosed attack against OpenPGP and S/Mime. Attackers may use EFAIL attacks to retrieve the actual text of encrypted messages provided that they managed to get hold of the encrypted email and that the target runs a vulnerable client.

The team plans to publish Thunderbird 52.8.1 to fix the issue completely in Thunderbird. Check out the descriptions for the vulnerabilities CVE-2018-5184 and CVE-2018-5162 for additional details.

The following issues are fixed in the new Thunderbird version:

  • CVE-2018-5183: Backport critical security fixes in Skia
  • CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack
  • CVE-2018-5154: Use-after-free with SVG animations and clip paths
  • CVE-2018-5155: Use-after-free with SVG animations and text paths
  • CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
  • CVE-2018-5161: Hang via malformed headers
  • CVE-2018-5162: Encrypted mail leaks plaintext through src attribute
  • CVE-2018-5170: Filename spoofing for external attachments
  • CVE-2018-5168: Lightweight themes can be installed without user interaction
  • CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
  • CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
  • CVE-2018-5185: Leaking plaintext through HTML forms
  • CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8

Closing Words

Thunderbird 52.8.0 is a security update for the email client that addresses two critical security issues and several rated as high. Thunderbird users should consider upgrading the client to the new version as soon as possible.

Those who use OpenPGP or S/Mime should install the patch asap; it is still recommended to block remote content in Thunderbird to block attacks.

Now You: Which email software do you run?

Summary
Thunderbird 52.8.0 security update released
Article Name
Thunderbird 52.8.0 security update released
Description
Thunderbird 52.8.0 is a new version of the popular cross-platform email client that fixes several security vulnerabilities in the email client.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Franck said on May 21, 2018 at 10:49 am
    Reply

    Thanks a lot for the heads-up and the tips regarding the security settings!

  2. Mark Hazard said on May 21, 2018 at 3:25 pm
    Reply

    Thanks, Martin.

  3. John Fenderson said on May 21, 2018 at 5:10 pm
    Reply

    “Which email software do you run?”

    Thunderbird 52.8.0. :)

    1. h said on May 22, 2018 at 7:52 pm
      Reply

      Martin dumbing down those questions

  4. Frederick Schaeffer said on May 22, 2018 at 12:19 am
    Reply

    Thanks for the reminder. Now Thunderbird is uptodate.

  5. Pierre said on May 22, 2018 at 2:48 pm
    Reply

    When the 60 will be released, and what about the 64 bits ?

  6. I said on May 23, 2018 at 6:20 pm
    Reply

    I’m using version 3.1.20 on Windows 10
    Should I update? ;)

  7. Jody Thornton said on May 26, 2018 at 3:08 am
    Reply

    I never cared for Thunderbird past the 2x releases. I love it back then. But the new indexing in v3 and beyond seemed to slow things down. Maybe I should give ‘er another chance after all of these years.
    :)

  8. Mary Soderstrom said on May 28, 2018 at 8:15 pm
    Reply

    Just updated to 52.8.0 , but now I keep getting notices that I have new messages but they are not visible unless I go into Folder Properties and follow prompts to repair the folder. What’s up? How can I stop this? It wasn’t like this before the update.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.