Karlston Posted January 14, 2020 Share Posted January 14, 2020 Thunderbird 68.4.1 is a security update Thunderbird 68.4.1 was released a couple of days ago. The new version is a security update for the email client that patches a security vulnerability that is exploited in the wild as well as other security issues in the program. Thunderbird users who are running a 68.x version of the email client should receive the update automatically provided that automatic updating has not been turned off in the client. A manual check for updates via Help > About Thunderbird in the client should pick up the new update right away so that it can be installed. As far as security is concerned, Thunderbird 68.4.1 fixes a total of seven different security vulnerabilities; one of them rated critical, the highest severity rating, others high or moderate, the second and third highest severity rating available. CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting CVE-2019-17017: Type Confusion in XPCVariant.cpp CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows CVE-2019-17022: CSS sanitization does not escape HTML tags CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1 The critical security vulnerability is the same that Mozilla patched earlier this month in Firefox. Since Thunderbird relies on Firefox code, it is often affected by issues that affect the web browser. Thunderbird 68.4.1 comes with improvements in regards to setting up Microsoft Exchange servers. The development team lists better support for IMAP/SMTP, better detection of Office 365 accounts, and re-run configuration after password change. The new version of the email client fixes five issues that were detected in previous versions of the application: Fixed an issue that prevented attachments with at least one space in the name to be opened under certain circumstances. Fixed an issue that showed garbled content in the message display pane after changing view layouts under certain circumstances. Fixed an issue that caused tags to be lost in shared IMAP folders under certain circumstances. Theme changes to "achieve 'pixel perfection'". Fixed the event attendee dialog in calendar. Thunderbird users who run Thunderbird 68.x and have not updated yet to the new version are encouraged to do so right away to protect the client from attacks. Source: Thunderbird 68.4.1 is a security update (gHacks - Martin Brinkmann) [ News & Updates post here... Mozilla Thunderbird 68.4.1 ] Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.