Security fixes for Thunderbird and Firefox

The Mozilla Foundation has just recently updated its roadmap for version 2.0 of the e-mail client Thunderbird, put back the release to next year and promised in the meantime to release bug fixes for the 1.5x series – and along comes version 1.5.0.8, which plugs three security vulnerabilities and fixes a number of bugs. Details of the security and bug fixes can be found in a posting on the Mozilla developers' blog; the Mozilla Foundation publishes a list of security fixes on its "Known Vulnerabilities" page.

The fixes in Thunderbird 1.5.0.8 include one for a JavaScript bug which allows a script to be modified at runtime and thereby the possibility of code infiltration. The developers have also integrated new patches to protect from a vulnerability to fake RSA signatures. This problem was also tackled in Thunderbird 1.5.0.7, but obviously not fixed completely.

The Mozilla Foundation has also released a new version of the Firefox web browser with some bug fixes. Just as with the email client, Firefox 1.5.0.8 fixes primarily three security vulnerabilities, corresponding to the three vulnerabilities closed in Thunderbird 1.5.0.8. According to the developers, the 1.5x versions of Firefox will continue to be supported with security patches and bug fixes until 24th April 2007, however, they recommend all users to upgrade to the recently released Firefox 2.0.

Firefox and Thunderbird versions 1.5.0.8 are available for download from the mozilla.com website. Users of version 1.5x of both Mozilla applications will also have the opportunity to receive the new versions via the integrated update system.

Users of Firefox 1.5.0.7 using the update system will be delivered version 1.5.0.8 and not yet the new version 2.0 of the browser. After the installation of Firefox 1.5.0.8 they can then decide using the auto update whether or not to change over to Firefox 2.0.

(ehe)