In association with heise online

21 January 2010, 10:07

Mozilla addresses critical holes with Thunderbird 3.0.1

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Thunderbird Logo The Mozilla developers have announced the availability of the first security and stability update for version 3 of their popular open source Thunderbird email and news client. In addition to a number of stability and bug fixes, Thunderbird 3.0.1 addresses three critical vulnerabilities.

The update fixes a critical vulnerability in the browser engine used by Thunderbird that could cause a crash, possibly leading to memory corruption and the execution of arbitrary code. The other two critical bugs in liboggplay and the Theora video library could also lead to a crash and potentially allow the execution of arbitrary code on a victim's computer. These are the same vulnerabilities were patched in mid-December by version 3.5.6 of Firefox and by version 2.0.1 of the SeaMonkey "all-in-one internet application suite". The developers strongly recommend all users to upgrade to the latest release as soon as possible.

More details about the release, including a list of known issues, can be found in the release notes and in the change log. Thunderbird 3.0.1 is available to download for Windows, Mac OS X and Linux. Thunderbird binaries are released under the Mozilla Thunderbird End-User Software License Agreement and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit