In association with heise online

21 August 2009, 11:00

Thunderbird fixes SSL vulnerability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Mozilla developers have announced the release of version of their popular Thunderbird email client, addressing a vulnerability in the processing of SSL certificates. Previously, inserting a null character in a certificate could trick some applications into treating, for example, the certificate displayed on\ as if it belonged to

Moxie Marlinspike and Dan Kaminsky revealed details of the vulnerability in their Black Hat presentations. The vulnerability, which also existed in Firefox 3.5.x and 3.0.x, was fixed more than two weeks ago. Other software vendors are still working on updates for their products.

The security update is recommended for all users. More details about the release can be found in the release notes. Thunderbird is available to download for Windows, Mac OS X and Linux. Thunderbird is released under the MPL/LGPL/GPL tri-license.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit