76 replies to this topic

[AplusWebMaster]

FYI...

Thunderbird v2.0.0.12 released
- http://www.mozilla.c...US/thunderbird/
Release Date: February 26, 2008

Release Notes:
- http://www.mozilla.c...2/releasenotes/

Security issues fixed:
- http://www.mozilla.o...derbird2.0.0.12

- http://developer.moz...-now-available/
"Please note: If you’re still using Thunderbird 1.5.0.x, this version is no longer supported and contains known security vulnerabilities. Please upgrade to Thunderbird 2 by downloading Thunderbird 2.0.0.12.."

Edited by AplusWebMaster, 27 February 2008 - 10:53 AM.

[AplusWebMaster]

FYI...

Thunderbird v2.0.0.16 released
- http://www.mozilla.com/thunderbird/
Thunderbird - email client from Mozilla
July 23, 2008
2.0.0.16 for Windows (6.4MB)

Security Update - The following security issues have been fixed:
- http://www.mozilla.o...derbird2.0.0.16


//

[AplusWebMaster]

FYI...

Thunderbird 2.0.0.17 released
- http://www.mozilla.com/thunderbird/
Sep. 25, 2008

Download
- http://www.mozilla.c...erbird/all.html

Release Notes
- http://www.mozilla.c...7/releasenotes/

Known Issues
- http://www.mozilla.c...senotes/#issues

Security Issues fixed
- http://www.mozilla.o...derbird2.0.0.17

[AplusWebMaster]

FYI...

Thunderbird v2.0.0.18 released
- http://www.mozilla.com/thunderbird/
Nov. 19, 2008

Release notes:
- http://www.mozilla.c...8/releasenotes/

Known Issues:
- http://www.mozilla.c...senotes/#issues

Security Advisories:
- http://www.mozilla.o...derbird2.0.0.18
Fixed in Thunderbird 2.0.0.18
MFSA 2008-59 Script access to .documentURI and .textContent in mail
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18 )
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-48 Image stealing via canvas and HTTP redirect ...

[AplusWebMaster]

FYI...

Thunderbird v2.0.0.19 released
- http://www.mozilla.com/thunderbird/

What's New in Thunderbird 2.0.0.19
- http://www.mozilla.c...9/releasenotes/
December 30, 2008

Fixed in Thunderbird 2.0.0.19
- http://www.mozilla.o...derbird2.0.0.19
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

[AplusWebMaster]

FYI...

Thunderbird v2.0.0.21 released
- http://www.mozillame...US/thunderbird/
March 18, 2009

Fixed in Thunderbird 2.0.0.21
- http://www.mozilla.o...derbird2.0.0.21
MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)

- http://secunia.com/advisories/33802/2/
Last Update: 2009-03-20
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...
Solution: Update to version 2.0.0.21...
CVE reference:
http://web.nvd.nist....d=CVE-2009-0040
http://web.nvd.nist....d=CVE-2009-0352
http://web.nvd.nist....d=CVE-2009-0353
http://web.nvd.nist....d=CVE-2009-0772
http://web.nvd.nist....d=CVE-2009-0774
http://web.nvd.nist....d=CVE-2009-0776

[AplusWebMaster]

FYI...

Thunderbird 2.0.0.22 released
- http://www.mozillame...om/thunderbird/
June 22, 2009

- http://secunia.com/advisories/35440/2/
Last Update: 2009-06-23
Critical: Highly critical
Impact: Security Bypass, Spoofing, DoS, System access
Where: From remote...
Solution: Update to version 2.0.0.22, which fixes some of the vulnerabilities...

- http://www.mozilla.o...derbird2.0.0.22
Fixed in Thunderbird 2.0.0.22
MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

[AplusWebMaster]

FYI...

Thunderbird v2.0.0.23 released
- http://www.mozillame...om/thunderbird/
August 20, 2009

- http://www.mozilla.o...derbird2.0.0.23
Fixed in Thunderbird 2.0.0.23
MFSA 2009-42 Compromise of SSL-protected communication
- http://www.mozilla.o...fsa2009-42.html

- http://secunia.com/advisories/36125/2/
Last Update: 2009-08-21
Critical: Highly critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Partial Fix
Software: Mozilla SeaMonkey 1.1.x, Mozilla Thunderbird 2.x
Solution: Update to Mozilla Thunderbird version 2.0.0.23, which fixes the security bypass vulnerability...

- http://www.fourmilab...-08/001175.html
August 21, 2009 - "... What appears to have happened is that this security update, which is being deployed across all Mozilla Foundation products, has changed the rules for security certificates generated with wildcards. While a certificate generated for “*.fourmilab.ch” would previously be accepted for a machine with a name such as “ceres.lan.fourmilab.ch” (the mail server), now the warning pops up on every such connection. This is going to strike lots of people who use a common site-wide certificate across all the machines in a server farm, or use a single server to host sites in several different domains. Fortunately, there is a Thunderbird add-on, “Remember Mismatched Domains”*, which adds a check box to the warning dialogue which allows accepting the “mismatch” and not warning further about that specific mismatch. This add-on has already been downloaded more than 125,000 times, and methinks it's about become even more popular in the near future. Just download and install the add-on, accept the domain(s) which are generating the warning, and you're back in business."
* https://addons.mozil...bird/addon/2131

Edited by AplusWebMaster, 22 August 2009 - 04:54 AM.
"Add-on" notes...

[AplusWebMaster]

FYI...

Thunderbird 3 released
- http://en-gb.www.moz...GB/thunderbird/

- http://www.mozillame...0/releasenotes/
December 8, 2009 - "... installing Thunderbird 3 may overwrite your existing installation of Thunderbird on Linux. Windows and Mac OS X will install to different locations, however it is recommended that you check the messages during installation. For all systems, you won't lose any of your messages or address books, but some of your extensions and other add-ons might not work until updates for them are made available. Users are highly encouraged to install Thunderbird 3 in another folder (on Windows, this is done using Custom Install) and backup their profiles before testing Thunderbird 3..."

- http://www.theinquir...erbird-released

- http://securityreaso...ecurityalert/78
Affected Software: Thunderbird 2.0.0.23
Fixed in: Thunderbird 3.0

Edited by AplusWebMaster, 11 December 2009 - 04:07 PM.

[AplusWebMaster]

FYI...

Thunderbird v.3.0.3 released
- http://www.mozillame...3/releasenotes/
March 1, 2010 - "Thunderbird 3.0.3 fixes the following issue in Thunderbird 3.0.2:
* Fix for missing folders or empty folder pane after updating to Thunderbird 3.0.2..."

- http://www.mozillame...2/releasenotes/
v.3.0.2 , released February 25, 2010

- http://www.mozilla.o...hunderbird3.0.2
Fixed in Thunderbird 3.0.2
MFSA 2010-03 Use-after-free crash in HTML parser
MFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)

- http://www.mozilla.o...fsa2010-03.html

- http://www.mozilla.o...fsa2010-01.html

[AplusWebMaster]

FYI...

Thunderbird v3.0.4 released
- https://developer.mo...-free-download/
March 30, 2010 - "As part of Mozilla’s ongoing security and stability update process, Thunderbird 3.0.4 is now available for Windows, Mac, and Linux for free download from http://getthunderbird.com/ . We strongly recommend that all Thunderbird users upgrade to this release... You can also manually fetch this update by selecting 'Check for Updates...' from the Help menu. For a list of changes and more information, please review the Thunderbird release notes*."
* http://www.mozillame...4/releasenotes/

[AplusWebMaster]

FYI...

Thunderbird v3.1 released
- http://www.mozillame...1/releasenotes/
June 24, 2010 - "... based on the Gecko 1.9.2 platform to provide improved performance, stability, web compatibility, and code simplification and sustainability...
Thunderbird 3.1 no longer supports versions of Windows prior to Windows 2000 (e.g. Windows 95, 98, ME, and NT) and Mac OS X versions prior to 10.4 Tiger. Linux requirements have also changed..."

- http://www.mozillame...erbird/all.html

[AplusWebMaster]

FYI...

Thunderbird v.3.1.1 released...
- http://secunia.com/advisories/40642/
Release Date: 2010-07-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
Software: Mozilla Thunderbird 3.0.x, Mozilla Thunderbird 3.1.x
Solution: Update to Thunderbird 3.0.6 and 3.1.1.

- http://www.mozillame...1/releasenotes/
July 20, 2010

- http://www.mozillame...erbird/all.html

- http://securitytrack...ul/1024229.html
July 21, 2010

[AplusWebMaster]

FYI...

Thunderbird v3.1.3 released
- http://secunia.com/advisories/41304/
Release Date : 2010-09-08
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2010-2760, CVE-2010-2762, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
Solution: Update to version 3.1.3 or 3.0.7...

- http://www.mozillame...3/releasenotes/
v.3.1.3, released September 7, 2010

- http://www.mozillame...erbird/all.html

- http://securitytrack...ep/1024403.html
- http://securitytrack...ep/1024407.html
Sep 8 2010

[AplusWebMaster]

FYI...

Thunderbird v3.1.4 released
- http://www.mozillame...erbird/all.html

- http://www.mozillame...4/releasenotes/
v.3.1.4, released September 16, 2010
• Several fixes to improve stability.
• Several fixes to improve the user interface.

- https://bugzilla.moz...e0-0-0=.4-fixed
4 bugs fixed.