76 replies to this topic

[AplusWebMaster]

FYI...

Thunderbird v15.0 released
- https://www.mozilla.....0/releasenotes
August 28, 2012 ... See Known Issues

Security Advisories
- https://www.mozilla....l#thunderbird15
Fixed in Thunderbird 15 ...

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1027452
CVE Reference: CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3974, CVE-2012-3975, CVE-2012-3978, CVE-2012-3980
Aug 29 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to ESR 10.0.7; prior to 15.0

- https://secunia.com/advisories/50308/
Release Date: 2012-08-29
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
For more information: https://secunia.com/SA50088/
Solution: Upgrade to version 15...
___

- http://h-online.com/-1677823
29 August 2012

[AplusWebMaster]

FYI...

Thunderbird v16.0.1 released
- https://www.mozilla.....1/releasenotes
October 11, 2012 ... See Known Issues

Download
- https://www.mozilla....erbird/all.html

Security Advisories
- https://www.mozilla....underbird16.0.1
Fixed in Thunderbird 16.0.1
MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

- https://web.nvd.nist...d=CVE-2012-4190 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2012-4191 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2012-4192 - 4.3
- https://web.nvd.nist...d=CVE-2012-4193 - 9.3 (HIGH)
___

Bugs fixed
- https://www.mozilla....es/buglist.html
___

- http://www.securityt....com/id/1027652
CVE Reference: CVE-2012-4190, CVE-2012-4191
Oct 12 2012
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (16.0.1).

- https://secunia.com/advisories/50932/
Last Update: 2012-10-12
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
CVE Reference(s): CVE-2012-4190, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193
... vulnerabilities are reported in Firefox and Thunderbird versions -prior- to 16.0.1 and SeaMonkey versions -prior- to 2.13.1.
Solution: Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

Edited by AplusWebMaster, 15 October 2012 - 06:49 AM.

[AplusWebMaster]

FYI...

Thunderbird v17.0 released
- https://www.mozilla.....0/releasenotes
Nov 20, 2012

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....erbird/all.html

Security Advisories
- https://www.mozilla......thunderbird17
___

- http://www.securityt....com/id/1027793
CVE Reference: CVE-2012-4201, CVE-2012-4202, CVE-2012-4204, CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5838, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842, CVE-2012-5843
Nov 21 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Solution: The vendor has issued a fix (17.0)...

- https://secunia.com/advisories/51358/
Release Date: 2012-11-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote...
Solution: Upgrade to version 17.0.

Edited by AplusWebMaster, 22 November 2012 - 03:10 AM.

[AplusWebMaster]

FYI...

Thunderbird v17.0.2 released
- https://www.mozilla.....2/releasenotes
Jan 8 2013

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....erbird/all.html

Security Advisories
- https://www.mozilla....underbird17.0.2

- http://www.securityt....com/id/1027957
CVE Reference: CVE-2013-0743, CVE-2013-0744, CVE-2013-0745, CVE-2013-0746, CVE-2013-0747, CVE-2013-0748, CVE-2013-0749, CVE-2013-0750, CVE-2013-0752, CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756, CVE-2013-0757, CVE-2013-0758, CVE-2013-0759, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0764, CVE-2013-0766, CVE-2013-0767, CVE-2013-0768, CVE-2013-0769, CVE-2013-0770, CVE-2013-0771
Jan 9 2013
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.2

[AplusWebMaster]

FYI...

Thunderbird 17.0.3 released
- https://www.mozilla.....3/releasenotes
Feb 19, 2013

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....erbird/all.html

Security Advisories
- https://www.mozilla....underbird17.0.3

- http://www.securityt....com/id/1028165
CVE Reference: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
Feb 20 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.3

[AplusWebMaster]

FYI...

Thunderbird v17.0.5 released
- https://www.mozilla.....5/releasenotes
April 2, 2013
FIXED - Security fixes* ...
FIXED - Adjusting font size when composing emails should be easier (Bug 824926)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html

Fixed in Thunderbird 17.0.5
* https://www.mozilla....underbird17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

- http://www.securityt....com/id/1028382
CVE Reference: CVE-2013-0788, CVE-2013-0789, CVE-2013-0790, CVE-2013-0791, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0797, CVE-2013-0799, CVE-2013-0800
Apr 3 2013
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.5

[AplusWebMaster]

FYI...

Thunderbird v17.0.6 released
- https://www.mozilla.....6/releasenotes
May 14, 2013

- https://www.mozilla....underbird17.0.6
Fixed in Thunderbird 17.0.6
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html

- https://secunia.com/advisories/53443/
Release Date: 2013-05-15
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
For more information: https://secunia.com/SA53400/
... vulnerabilities are reported in versions prior to 17.0.6.
Solution: Update to version 17.0.6.

- http://www.securityt....com/id/1028559
CVE Reference: CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
May 14 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.6

Edited by AplusWebMaster, 15 May 2013 - 03:54 AM.

[AplusWebMaster]

FYI...

Thunderbird v17.0.7 released
- https://www.mozilla.....7/releasenotes
June 25, 2013

- https://www.mozilla....underbird17.0.7
Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/53953/
Release Date: 2013-06-26
Criticality level: Highly Critical
Impact: Security Bypass, Exposure of sensitive information, System access
... vulnerabilities are reported in versions prior to 17.0.7.
Solution: Update to version 17.0.7.

- http://www.securityt....com/id/1028704
CVE Reference: CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
Jun 26 2013
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.7 ...

Edited by AplusWebMaster, 26 June 2013 - 09:05 AM.

[AplusWebMaster]

FYI...

Thunderbird v17.0.8 released
- https://www.mozilla.....8/releasenotes
August 6, 2013

Security Advisories
- https://www.mozilla....underbird17.0.8
Fixed in Thunderbird 17.0.8
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1028887
CVE Reference: CVE-2013-1701, CVE-2013-1702, CVE-2013-1706, CVE-2013-1707, CVE-2013-1709, CVE-2013-1710, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
Aug 6 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.8 ...

- https://secunia.com/advisories/54413/
Release Date: 2013-08-07
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access
... vulnerabilities are reported in the following products:
* Mozilla Thunderbird and Thunderbird ESR versions prior to 17.0.8...

Edited by AplusWebMaster, 11 August 2013 - 07:32 PM.

[AplusWebMaster]

FYI...

Thunderbird v24.0 released
- https://www.mozilla....0/releasenotes/
Sep 17, 2013

Security Advisories
- https://www.mozilla....thunderbird24.0
Fixed in Thunderbird 24.0
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1029044
CVE Reference: CVE-2013-1718, CVE-2013-1719, CVE-2013-1720, CVE-2013-1722, CVE-2013-1723, CVE-2013-1724, CVE-2013-1726, CVE-2013-1728, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737, CVE-2013-1738
Sep 17 2013
Impact: Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 24.0; prior to ESR 17.0.9...

[AplusWebMaster]

FYI...

Thunderbird 24.1.1
- https://www.mozilla....underbird24.1.1
Fixed in Thunderbird 24.1.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
- https://www.mozilla....sa2013-103.html

 

- https://www.mozilla....1/releasenotes/
Nov 19, 2013
___

Thunderbird v24.1 released
- https://www.mozilla....1/releasenotes/
Oct 29, 2013

Security Advisories
- https://www.mozilla....thunderbird24.1
Fixed in Thunderbird 24.1
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/55489/
Release Date: 2013-10-30
Criticality: Highly Critical
Where: From remote
Impact: Spoofing, System access
... see the vendor's advisories for a list of affected products and versions.
Solution: Update to a fixed version...

- http://www.securityt....com/id/1029272
CVE Reference: CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
Oct 30 2013
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 24.1 ...
Solution: The vendor has issued a fix (24.1)...

Edited by AplusWebMaster, 21 November 2013 - 07:12 AM.

[AplusWebMaster]

FYI...

Thunderbird 24.2 released

- https://www.mozilla....0/releasenotes/
Dec 10, 2013

Security Advisories
- https://www.mozilla....thunderbird24.2
Fixed in Thunderbird 24.2
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/56002/
Release Date: 2013-12-10
Criticality: Highly Critical
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
CVE Reference(s): CVE-2013-5609, CVE-2013-5610, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673
Solution: Update to a fixed version.
 

Edited by AplusWebMaster, 11 December 2013 - 03:35 AM.

[AplusWebMaster]

FYI...

Thunderbird v24.3.0 released
- http://www.securityt....com/id/1029721
CVE Reference: CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
Feb 5 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.3 ...
Solution: The vendor has issued a fix (24.3)...
- https://www.mozilla....-US/thunderbird

Release Notes
- https://www.mozilla....0/releasenotes/

Security Advisories
- https://www.mozilla....thunderbird24.3
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
 

Edited by AplusWebMaster, 05 February 2014 - 10:11 AM.

[AplusWebMaster]

FYI...

Thunderbird 24.4 released
- http://www.securityt....com/id/1029930
CVE Reference: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1499, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
Mar 19 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.4
- https://www.mozilla.org/thunderbird

Release Notes
- https://www.mozilla....0/releasenotes/

Security Advisories
- https://www.mozilla....thunderbird24.4
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
 

[AplusWebMaster]

FYI...

Thunderbird 24.5.0 released
- http://www.securityt....com/id/1030165
CVE Reference: CVE-2014-1520, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
Apr 30 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.5.0 ...
Solution: The vendor has issued a fix (24.5.0)...

- https://www.mozilla....-US/thunderbird

Release Notes
- https://www.mozilla....0/releasenotes/

Security Advisories
- https://www.mozilla....thunderbird24.5
Fixed in Thunderbird 24.5
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html