Mozilla fixes nine flaws in Thunderbird
Mozilla Messaging patched nine security vulnerabilities in Thunderbird Wednesday, the first time it's plugged holes in the e-mail software since early May.
Thunderbird 2.0.0.16, which was added to Mozilla's download servers late Wednesday, quashes nine bugs, including one that was patched last week in Firefox, the company's open-source browser. The remainder fix flaws that were first addressed in early July when Mozilla updated Firefox to version 2.0.0.15.
It's not unusual for Thunderbird security updates to lag behind those released for Firefox.
Seven of the nine bugs were rated "moderate" by Mozilla, the second-lowest of the four rankings in its threat system. The other two were pegged as "low."
The bug patched in Thunderbird Wednesday that was fixed in Firefox last week was in the browser rendering engine's CSSValue array data structure. According to Mozilla, the vulnerability could be used by hackers to force a crash, and from there, run malicious code. Several other just-patched Thunderbird vulnerabilities could also be used by attackers to execute code remotely.
Thunderbird 2.x, like its browser sibling, is on the way out. Most of Mozilla's attention is now on Thunderbird 3.0, which has been available as an Alpha 1 preview for more than two months.
Users can download Thunderbird 2.0.0.16 in versions for Windows, Mac OS X and Linux from the Mozilla site, call up the e-mail client's built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours.
» posted by ITworld staff
Computerworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Thunderbird
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
