Thunderbird

Thunderbird 3.1.8 Released

by certifiedbug on March 1, 2011

in Software

Thunderbird 3.1.8 provides several fixes to improve performance, stability and security.

MFSA 2011-09 Crash caused by corrupted JPEG image
MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

http://www.mozillamessaging.com/en-US/thunderbird/3.1.8/releasenotes/

http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html#thunderbird3.1.8

Update from within Thunderbird or download

{ 0 comments }

Mozilla patches Zero-Day. Firefox 3.6.12, Thunderbird 3.1.6 Released

by certifiedbug on October 28, 2010

in Browser

Firefox 3.6.12 fixes a critical security issue that could potentially allow remote code execution.

Thunderbird 3.1.6 fixes a critical security issue that could potentially allow remote code execution. This issue does not affect email or newsgroups but could be triggered through browser-like features or add-ons.

Mozilla Foundation Security Advisories > MFSA 2010-73
Title: Heap buffer overflow mixing document.write and DOM insertion
Impact: Critical
Announced: October 27, 2010
Reporter: Morten Kråkvik
Products: Firefox, Thunderbird, SeaMonkey

http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/

http://www.mozillamessaging.com/en-US/thunderbird/3.1.6/releasenotes/

If you do not receive an update notice when using the application, select “Check for Updates” from the Help menu.

Firefox Manual Download
Thunderbird Manual Download

http://www.thetechherald.com/article.php/201043/6352/Mozilla-patches-Firefox-Zero-Day-in-record-time

{ 0 comments }

Thunderbird 3.1.5 released

by certifiedbug on October 20, 2010

in Software

* Several fixes to improve performance, stability and security.

MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

* Several fixes to improve the user interface and add-ons experience.

http://www.mozillamessaging.com/en-US/thunderbird/3.1.5/releasenotes/

http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html#thunderbird3.1.5

Update from within Thunderbird or download

{ 0 comments }

Thunderbird 3.1.4 Released

by certifiedbug on September 16, 2010

in Software

Thunderbird 3.1.4 provides several fixes to improve stability and improve the user interface.

http://www.mozillamessaging.com/en-US/thunderbird/3.1.4/releasenotes/

Manual Download

{ 0 comments }

Thunderbird 3.1.3 Released

September 8, 2010

Thunderbird 3.1.3 provides improvement to the user interface and fixes several stability/security issues. MFSA 2010-63 Information leak via XMLHttpRequest statusText MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS MFSA 2010-61 UTF-7 XSS by overriding document charset using type attribute MFSA 2010-59 SJOW creates scope chains ending in outer object MFSA 2010-58 Crash on [...]

Read the full article →

Thunderbird 2.0.0.18 released

November 20, 2008

Release notes Security Advisory Five Moderate Two Low. Fixed in Thunderbird 2.0.0.18 MFSA 2008-59 Script access to .documentURI and .textContent in mail MFSA 2008-58 Parsing error in E4X default namespace MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation MFSA 2008-55 Crash and remote code execution in nsFrameManager MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18) MFSA 2008-50 [...]

Read the full article →

Thunderbird 2.0.0.17 released

November 14, 2008

Security Advisory Two Critical Five Moderate. MFSA 2008-46 Heap overflow when canceling newsgroup message MFSA 2008-44 resource: traversal vulnerabilities MFSA 2008-43 BOM characters stripped from JavaScript before execution MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17) MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-37 UTF-8 URL stack buffer [...]

Read the full article →