In association with heise online

19 March 2009, 09:47

Thunderbird 2.0.0.21 fixes vulnerabilities - Updated

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Thunderbird.png Mozilla has released Thunderbird 2.0.0.21, fixing two critical security vulnerabilities in the open source email client. The update fixes some of the same vulnerabilities that were also recently patched in the Firefox 3.0.7 security update.

Thunderbird 2.0.0.21 upgrades the libpng PNG library to fix critical memory safety hazards which could be used by a malicious website to crash a users browser and possibly execute arbitrary code. A second critical security vulnerability has been closed that could have allowed bugs in the browser engine used in Thunderbird to cause a crash and possibly be exploited to run arbitrary code. Additionally, the developers have closed a cross-domain redirect that could steal arbitrary XML data from another domain, in violation of the same-origin policy.

The security update is recommended for all users. More details about the release can be found in the release notes. Thunderbird 2.0.0.21 is available to download now for Windows, Mac OS X and Linux.

Update: The SeaMonkey developers have also released an update, version 1.1.15, which addresses the same vulnerabilities that were found in Thunderbird. SeaMonkey is an all-in-one package and the successor of the Mozilla Suite. More details can be found in the release notes.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-740657
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit