One of our readers sent this in to us (Thanks Juha-Matti), a security advisory against versions of Thunderbird <= 126.96.36.199.
Aside from all the other good reasons to update to Thunderbird 3.0, this is a vulnerability in Thunderbird's dtoa implementation. Many Thunderbird users like to integrate things like Lightning (the calendar application) right into their Mail client, similar to Outlook. This tight integration allows for much the same functionality that Outlook has in it's mail client, except for the Exchange server portion. I've seen Thunderbird and Lightning used at countless organizations to be able to handle calendars, so be sure and pay attention to this one.
The flaw, according to the link, is in how Thunderbird's dtoa implementation works. Since Thunderbird uses the same dtoa implementation as Firefox, one would tend to think that Firefox (and it's variations, Camino..etc) would be vulnerable too.
This would affect many plugins as well, things like Lightning (as previously mentioned) and Thunderbrowse (as mentioned it the link above). Who knows what else, so make sure and update everything that you can.
Dec 11th 2009
9 years ago