Jump to content

Thunderbird 68.4.1 is a security update


Recommended Posts

Thunderbird 68.4.1 is a security update

Thunderbird 68.4.1 was released a couple of days ago. The new version is a security update for the email client that patches a security vulnerability that is exploited in the wild as well as other security issues in the program.


Thunderbird users who are running a 68.x version of the email client should receive the update automatically provided that automatic updating has not been turned off in the client. A manual check for updates via Help > About Thunderbird in the client should pick up the new update right away so that it can be installed.


thunderbird 68.4.1


As far as security is concerned, Thunderbird 68.4.1 fixes a total of seven different security vulnerabilities; one of them rated critical, the highest severity rating, others high or moderate, the second and third highest severity rating available.

  1. CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
  2. CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
  3. CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
  4. CVE-2019-17017: Type Confusion in XPCVariant.cpp
  5. CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
  6. CVE-2019-17022: CSS sanitization does not escape HTML tags
  7. CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1

The critical security vulnerability is the same that Mozilla patched earlier this month in Firefox. Since Thunderbird relies on Firefox code, it is often affected by issues that affect the web browser.


Thunderbird 68.4.1 comes with improvements in regards to setting up Microsoft Exchange servers. The development team lists better support for IMAP/SMTP, better detection of Office 365 accounts, and re-run configuration after password change.


The new version of the email client fixes five issues that were detected in previous versions of the application:

  • Fixed an issue that prevented attachments with at least one space in the name to be opened under certain circumstances.
  • Fixed an issue that showed garbled content in the message display pane after changing view layouts under certain circumstances.
  • Fixed an issue that caused tags to be lost in shared IMAP folders under certain circumstances.
  • Theme changes to "achieve 'pixel perfection'".
  • Fixed the event attendee dialog in calendar.

Thunderbird users who run Thunderbird 68.x and have not updated yet to the new version are encouraged to do so right away to protect the client from attacks.



Source: Thunderbird 68.4.1 is a security update (gHacks - Martin Brinkmann)


[ News & Updates post here... Mozilla Thunderbird 68.4.1 ]

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...