Jump to content
  • Thunderbird 102.5.1 fixes a security issue in the email client


    Karlston

    • 1k views
    • 2 minutes
     Share


    • 1k views
    • 2 minutes

    Thunderbird 102.5.1 is a security update for the open source email client that patches a single security issue in the application. The new version of Thunderbird includes several non-security fixes and a Mail extension API update.

     

    Thunderbird 102.5.1 is already available. Existing users may speed up the installation of the update by selecting Menu > Help > About Thunderbird.

     

    The email client displays the current version and runs a check for updates. Any update found may then be installed to resolve the security issue the non-security issues.

    Thunderbird 102.5.1

    The single security issue that affects previous versions of Thunderbird has a severity rating of moderate. The official security notice reveals that it could result in the loading of remote content in Thunderbird, even if remote content is blocked by default in the email client.

     

    CVE-2022-45414: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content

     

    The leak requires quite a few conditions and is likely the reason why it has been rated moderate. Users would have to reply HTML emails or quote them using other means, and the HTML email needed to contain either a Video tag with the Poster attribute or an Object tag with a Data attribute, for the leaking to occur.

     

    Thunderbird 102.5.1 addresses two non-security issues as well. The first displayed the calendar picker "behind" the Send Later window. The second issue omitted the copy to again menu after copying a message to a folder with an unicode name on an unicode-enabled IMAP server.

     

    The new Thunderbird release includes a number of WebExtension API defects that were uplifted from development versions of the email client. Thunderbird extension developers may want to check the list on Bugzilla for a full rundown.

     

    Here is the link to the official release notes of Thunderbird 102.5.1 for those interested.

     

    Thunderbird 102 users may want to install the update as soon as possible, even though it seems unlikely that the issue is exploited on scale.

     

    Now You: which version of Thunderbird do you run, if any?

     

     

     

    Thunderbird 102.5.1 fixes a security issue in the email client

     

    Frontpaged:   Mozilla Thunderbird 102.5.1


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...