Mozilla Didn't Forget Thunderbird, Updated it As Well
Article by George Norman
On 02 Mar 2011
Three updates were released by the Mozilla Foundation yesterday, the 1st of March, the 1st day of spring. The Mozilla Foundation released Firefox 3.6.14 and Firefox 3.5.17 to fix multiple stability and security issues. The Mozilla Foundation also released Thunderbird 3.1.8, to address some stability and security issues as well.

"An update for Thunderbird 3.1.8 is now available for Windows, Mac, and Linux for free download from This release makes several improvements to Thunderbird’s performance, stability, and security. Thunderbird 3.0.11 was the last security and stability update for Thunderbird 3.0.x. Thunderbird 3.0.x users will be prompted and encouraged to start using Thunderbird 3.1," announced Mozilla Messaging’s Mark Banner.


Firefox 3.6.4 and Firefox 3.5.17 came accompanied by a grand total of 10 security advisories, out of which 1 was rated moderate, 1 was rated high, and 8 were rated critical. Thunderbird 3.1.8 didn’t come accompanied by so many security advisories as Firefox; it came accompanied by 3 security advisories, 1 rated moderate and 2 rated critical.

I’ve said it before and I am going to say it again. The critical rating is given to vulnerabilities that could be exploited by someone with malicious intent to run attacker code and install software on a targeted machine with no interaction from the user, beyond normal browsing of course.

If you’re interested to learn more about the advisories that accompany Thunderbird 3.1.8, here are the details Mozilla made public:

Title: MFSA 2011-01 Miscellaneous memory safety hazards (rv:
Rating: Critical.
Description: Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Affected software: Firefox, Thunderbird, SeaMonkey.
Credit: Mozilla developers and community.

Title: MFSA 2011-09 Crash caused by corrupted JPEG image
Rating: Critical.
Description: A JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to store the image. An attacker could potentially craft such an image that would cause malicious code to be stored in memory and then later executed on a victim's computer.
Affected software: Firefox, Thunderbird, SeaMonkey.
Credit: Jordi Chancel.

Title: MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome
Description: ParanoidFragmentSink, a class used to sanitize potentially unsafe HTML for display, allows javascript: URLs and other inline JavaScript when the embedding document is a chrome document. While there are no unsafe uses of this class in any released products, extension code could have potentially used it in an unsafe manner.
Affected software: Firefox, Thunderbird, SeaMonkey.
Credit: Roberto Suggi Liverani.

Tags: Mozilla, Thunderbird, Security, Update, Thunderbird 3.1.8
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Mozilla Didn't Forget Thunderbird, Updated it As Well
HTML Linking Code