Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Thunderbird 2.0.0.12 is out SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Thunderbird 2.0.0.12 is out

A new Thunderbird version, 2.0.0.12, has been released. This version fixes five (5) known vulnerabilities: 1 critical, 3 high and 1 moderate.

MFSA 2008-12 Heap buffer overflow in external MIME bodies
MFSA 2008-07 Possible information disclosure in BMP decoder
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

We were told by the security people at Mozilla a couple of weeks ago, when Firefox 2.0.0.12 was released, that this Thunderbird version contains security fixes that will never be fixed in a 1.5 version. So, if you're still running Thunderbird 1.X, it is time to update!

Thanks Jason for the heads up.

--
Raul Siles
www.raulsiles.com

 

Raul Siles

152 Posts
Feb 27th 2008

Sign Up for Free or Log In to start participating in the conversation!