A new version of the Mozilla Thunderbird Client was released today. The new version fixes a security issue that could allow JavaScript to escalate privileges and execute arbitrary code. It also fixes a crashing issue. If you use Thunderbird as your mail client it should be updated as soon as possible due to the mitigation of a security flaw.
Tag Archives: thunderbird
Firefox and Thunderbird Vulns, Excel Exploit
Vulnerabilities have been reported in Mozilla Firefox and Thunderbird. These vulnerabilities could be exploited by malicious people to ypass browser/mail client security restrictions, disclose information, and conduct cross-site scripting and phishing attacks. Version 2.0.0.13 fixes these issues for both Firefox and Thunderbird, so update as soon as possible.
An Excel exploit has been released into the wild. The exploit takes advantage of a vulnerability described in MS08-014. Microsoft has already released an update for this, so if it hasn’t been installed already. Now would be a really great time to do so.
Thunderbird 2 MIME vulnerability
Mozilla Thunderbird 2.0.0.9 has been found to contain a heap buffer overflow vulnerability due to the way it handles external-body MIME types. Systems running this version of Thunderbird are vulnerable to compromise or the execution of arbitrary code via specially crafted email messages. You should update to Thunderbird 2.0.0.12 as soon as possible.
Mozilla’s advisory is located at: http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
Mozilla Vulnerabilities
Mozilla Firefox, Thunderbird, and SeaMonkey contain multiple vulnerabilities. These vulnerabilities could allow attackers to execute code remotely, cause a DoS, access sensitive information, and in general control your browsing. The vulnerabilities are in version 2.0.0.11 and prior. Thunderbird 2.0.0.9 and SeaMonkey 1.1.7 are vulnerable to many of the same issues. Mozilla has made upgrade available.
Apache Tomcat; Firefox, Thunderbird Info Leak
Some vulnerabilities in Apache Tomcat have been discovered. These vulnerabilities could allow for the manipulation of an SSL session or the disclosure of session ID’s. Administrators running Tomcat should update to version 5.5.26 or 6.0.16.
Multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey have been reported. These vulnerabilities could result in memory corruption, information exposure, directory traversal, and potentially other issues. A proof of concept exists for Firefox 2.0.0.12. Users should update their Mozilla software to the latest version, and keep an eye out for any additional updates to this issue.