Thunderbird 3.0.2 Plugs Critical Security Holes
Mozilla’s email client has been updated to version 3.0.2 last week. If you’re currently riding the Thunderbird 3.0 train, you are well advised to upgrade. Thunderbird 3.0.2 comes with several fixes to IMAP, fixes some issues 2.0 users upgrading to version 3.0 were experiencing, and plugs some critical security holes.
Just to put things in perspective, Mozilla rates a vulnerability as critical only when a person with malicious intent can exploit it to run attacker code and install software on the targeted machine – with no user interaction whatsoever. Here are the security advisories related to the Thunderbird 3.0.2 update: Title: Use-after-free crash in HTML parser
Description: The HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.
Credit: Alin Rad Pop of Secunia Research Title: Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)
Description: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Credit: Mozilla developers and community
The final version of Thunderbird 3.0 was released back in December. If you’re currently using an older Thunderbird version, you could use this occasion to upgrade. You will not regret it; Thunderbird 3.0 comes with the following:
Update 2 March 2010: Thunderbird 3.0.3 has been rolled out. The update comes with a “fix for missing folders or empty folder pane after updating to Thunderbird 3.0.2”.
Download the software here. Check out the release notes here.
Tags: Mozilla, Thunderbird, Update
Just to put things in perspective, Mozilla rates a vulnerability as critical only when a person with malicious intent can exploit it to run attacker code and install software on the targeted machine – with no user interaction whatsoever. Here are the security advisories related to the Thunderbird 3.0.2 update: Title: Use-after-free crash in HTML parser
Description: The HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.
Credit: Alin Rad Pop of Secunia Research Title: Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)
Description: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Credit: Mozilla developers and community
Advertising
The final version of Thunderbird 3.0 was released back in December. If you’re currently using an older Thunderbird version, you could use this occasion to upgrade. You will not regret it; Thunderbird 3.0 comes with the following:
- - New Search with Advanced Filtering Tools
- - New Global Search Field with Autocomplete
- - New Mail Account Setup Wizard
- - Redesigned Mail Toolbar
- - Tabbed Email Messages
- - Smart Folders
- - New Message Summary View
- - Column Headings
- - Message Archive
- - Activity Manager
- - New Add-ons Manager
- - Improved Address Book
- - Improved Gmail Integration
- - Integrated with Vista search results (Windows version only)
- - Integrated with Spotlight (Mac OS X version only)
- - Thunderbird 3 can import from Mail.app, can read your OS X address book, and can use Growl for new mail alerts (Mac OS X version only)
- - IMAP Folder Synchronization
Update 2 March 2010: Thunderbird 3.0.3 has been rolled out. The update comes with a “fix for missing folders or empty folder pane after updating to Thunderbird 3.0.2”.
Download the software here. Check out the release notes here.
Tags: Mozilla, Thunderbird, Update
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 May 2012
Mozilla introduced a new program meant to educate millions of people, the Mozilla Webmaker program.
By George Norman on 26 May 2012
Piriform updated its products, making CCleaner less annoying and Defraggler a lot faster.Related News
By George Norman on 27 Jan 2012
We all start the year with resolutions, such as “this year I’m going to more carefully watch what I eat”, or “this year I will try to be less stressed”. Most times we discard these resolutions just as easily as 
By George Norman on 31 Jan 2012
Mozilla Labs, the place where Mozilla’s developers experiment with all sort of crazy ideas, introduced a new and interesting project that has a mouthwatering name: Pancake
By George Norman on 02 Feb 2012
Version 10.0 of the very popular Firefox web browser has been released to the web. This new version comes with a
By George Norman on 23 Apr 2012
Even though the Mozilla Foundation has not officially released the final version of Firefox 12 to the masses, Firefox v. 12.0 final is already out there and available for downloadAdvertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Thunderbird 3.0.2 Plugs Critical Security Holes
HTML Linking Code
HTML Linking Code