Thunderbird 220.127.116.11 fixes vulnerabilities - Updated
Mozilla has released Thunderbird 18.104.22.168, fixing two critical security vulnerabilities in the open source email client. The update fixes some of the same vulnerabilities that were also recently patched in the Firefox 3.0.7 security update.
Thunderbird 22.214.171.124 upgrades the
libpng PNG library to fix critical memory safety hazards which could be used by a malicious website to crash a users browser and possibly execute arbitrary code. A second critical security vulnerability has been closed that could have allowed bugs in the browser engine used in Thunderbird to cause a crash and possibly be exploited to run arbitrary code. Additionally, the developers have closed a cross-domain redirect that could steal arbitrary XML data from another domain, in violation of the same-origin policy.
Update: The SeaMonkey developers have also released an update, version 1.1.15, which addresses the same vulnerabilities that were found in Thunderbird. SeaMonkey is an all-in-one package and the successor of the Mozilla Suite. More details can be found in the release notes.
- Email client Thunderbird 3 beta 2 released, a report from The H.