Mozilla addresses critical holes with Thunderbird 3.0.1
The Mozilla developers have announced the availability of the first security and stability update for version 3 of their popular open source Thunderbird email and news client. In addition to a number of stability and bug fixes, Thunderbird 3.0.1 addresses three critical vulnerabilities.
The update fixes a critical vulnerability in the browser engine used by Thunderbird that could cause a crash, possibly leading to memory corruption and the execution of arbitrary code. The other two critical bugs in liboggplay and the Theora video library could also lead to a crash and potentially allow the execution of arbitrary code on a victim's computer. These are the same vulnerabilities were patched in mid-December by version 3.5.6 of Firefox and by version 2.0.1 of the SeaMonkey "all-in-one internet application suite". The developers strongly recommend all users to upgrade to the latest release as soon as possible.
More details about the release, including a list of known issues, can be found in the release notes and in the change log. Thunderbird 3.0.1 is available to download for Windows, Mac OS X and Linux. Thunderbird binaries are released under the Mozilla Thunderbird End-User Software License Agreement and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.
- Security Advisories for Thunderbird 3.0, security advisory from Mozilla.
- Mozilla releases SeaMonkey 2.0 security update, a report from The H.
- Mozilla addresses critical bugs with Firefox 3.5.6, a report from The H.
- Mozilla to speed up Thunderbird development, a report from The H.