Thunderbird 3.0.2 Plugs Critical Security Holes
Article by George Norman
On 01 Mar 2010
Mozilla’s email client has been updated to version 3.0.2 last week. If you’re currently riding the Thunderbird 3.0 train, you are well advised to upgrade. Thunderbird 3.0.2 comes with several fixes to IMAP, fixes some issues 2.0 users upgrading to version 3.0 were experiencing, and plugs some critical security holes.

Just to put things in perspective, Mozilla rates a vulnerability as critical only when a person with malicious intent can exploit it to run attacker code and install software on the targeted machine – with no user interaction whatsoever. Here are the security advisories related to the Thunderbird 3.0.2 update: Title: Use-after-free crash in HTML parser
Description: The HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.
Credit: Alin Rad Pop of Secunia Research Title: Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)
Description: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Credit: Mozilla developers and community

Advertising

The final version of Thunderbird 3.0 was released back in December. If you’re currently using an older Thunderbird version, you could use this occasion to upgrade. You will not regret it; Thunderbird 3.0 comes with the following:
  • - New Search with Advanced Filtering Tools
  • - New Global Search Field with Autocomplete
  • - New Mail Account Setup Wizard
  • - Redesigned Mail Toolbar
  • - Tabbed Email Messages
  • - Smart Folders
  • - New Message Summary View
  • - Column Headings
  • - Message Archive
  • - Activity Manager
  • - New Add-ons Manager
  • - Improved Address Book
  • - Improved Gmail Integration
  • - Integrated with Vista search results (Windows version only)
  • - Integrated with Spotlight (Mac OS X version only)
  • - Thunderbird 3 can import from Mail.app, can read your OS X address book, and can use Growl for new mail alerts (Mac OS X version only)
  • - IMAP Folder Synchronization


Update 2 March 2010: Thunderbird 3.0.3 has been rolled out. The update comes with a “fix for missing folders or empty folder pane after updating to Thunderbird 3.0.2”.

Download the software here. Check out the release notes here.





Tags: Mozilla, Thunderbird, Update
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Thunderbird 3.0.2 Plugs Critical Security Holes
HTML Linking Code