Thunderbird updated


73 replies to this topic

#1 AplusWebMaster

  • SWI Friend
  • 11,080 posts

Posted 24 July 2008 - 03:41 PM

FYI...

Thunderbird v2.0.0.16 released
- http://www.mozilla.com/thunderbird/
Thunderbird - email client from Mozilla
July 23, 2008
2.0.0.16 for Windows (6.4MB)

Security Update - The following security issues have been fixed:
- http://www.mozilla.o...derbird2.0.0.16


//

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster


Posted 26 September 2008 - 02:57 AM

FYI...

Thunderbird 2.0.0.17 released
- http://www.mozilla.com/thunderbird/
Sep. 25, 2008

Download
- http://www.mozilla.c...erbird/all.html

Release Notes
- http://www.mozilla.c...7/releasenotes/

Known Issues
- http://www.mozilla.c...senotes/#issues

Security Issues fixed
- http://www.mozilla.o...derbird2.0.0.17

:!:

#3 AplusWebMaster

Posted 20 November 2008 - 11:35 AM

FYI...

Thunderbird v2.0.0.18 released
- http://www.mozilla.com/thunderbird/
Nov. 19, 2008

Release notes:
- http://www.mozilla.c...8/releasenotes/

Known Issues:
- http://www.mozilla.c...senotes/#issues

Security Advisories:
- http://www.mozilla.o...derbird2.0.0.18
Fixed in Thunderbird 2.0.0.18
MFSA 2008-59 Script access to .documentURI and .textContent in mail
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18 )
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-48 Image stealing via canvas and HTTP redirect ...

:!:

#4 AplusWebMaster

Posted 31 December 2008 - 10:29 AM

FYI...

Thunderbird v2.0.0.19 released
- http://www.mozilla.com/thunderbird/

What's New in Thunderbird 2.0.0.19
- http://www.mozilla.c...9/releasenotes/
December 30, 2008

Fixed in Thunderbird 2.0.0.19
- http://www.mozilla.o...derbird2.0.0.19
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

:!:

#5 AplusWebMaster

Posted 20 March 2009 - 03:56 AM

FYI...

Thunderbird v2.0.0.21 released
- http://www.mozillame...US/thunderbird/
March 18, 2009

Fixed in Thunderbird 2.0.0.21
- http://www.mozilla.o...derbird2.0.0.21
MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)

- http://secunia.com/advisories/33802/2/
Last Update: 2009-03-20
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...
Solution: Update to version 2.0.0.21...
CVE reference:
http://web.nvd.nist....d=CVE-2009-0040
http://web.nvd.nist....d=CVE-2009-0352
http://web.nvd.nist....d=CVE-2009-0353
http://web.nvd.nist....d=CVE-2009-0772
http://web.nvd.nist....d=CVE-2009-0774
http://web.nvd.nist....d=CVE-2009-0776

:!:

#6 AplusWebMaster

Posted 23 June 2009 - 10:07 PM

FYI...

Thunderbird 2.0.0.22 released
- http://www.mozillame...om/thunderbird/
June 22, 2009

- http://secunia.com/advisories/35440/2/
Last Update: 2009-06-23
Critical: Highly critical
Impact: Security Bypass, Spoofing, DoS, System access
Where: From remote...
Solution: Update to version 2.0.0.22, which fixes some of the vulnerabilities...

- http://www.mozilla.o...derbird2.0.0.22
Fixed in Thunderbird 2.0.0.22
MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

:!:

#7 AplusWebMaster

Posted 21 August 2009 - 05:33 AM

FYI...

Thunderbird v2.0.0.23 released
- http://www.mozillame...om/thunderbird/
Aug. 21, 2009

- http://www.mozilla.o...derbird2.0.0.23
Fixed in Thunderbird 2.0.0.23
MFSA 2009-42 Compromise of SSL-protected communication
- http://www.mozilla.o...fsa2009-42.html

- http://secunia.com/advisories/36125/2/
Last Update: 2009-08-21
Critical: Highly critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Partial Fix
Software: Mozilla SeaMonkey 1.1.x, Mozilla Thunderbird 2.x
Solution: Update to Mozilla Thunderbird version 2.0.0.23, which fixes the security bypass vulnerability...

- http://www.fourmilab...-08/001175.html
August 21, 2009 - "... What appears to have happened is that this security update, which is being deployed across all Mozilla Foundation products, has changed the rules for security certificates generated with wildcards. While a certificate generated for “*.fourmilab.ch” would previously be accepted for a machine with a name such as “ceres.lan.fourmilab.ch” (the mail server), now the warning pops up on every such connection. This is going to strike lots of people who use a common site-wide certificate across all the machines in a server farm, or use a single server to host sites in several different domains. Fortunately, there is a Thunderbird add-on, “Remember Mismatched Domains”*, which adds a check box to the warning dialogue which allows accepting the “mismatch” and not warning further about that specific mismatch. This add-on has already been downloaded more than 125,000 times, and methinks it's about to become even more popular in the near future. Just download and install the add-on, accept the domain(s) which are generating the warning, and you're back in business."
* https://addons.mozil...bird/addon/2131

:ph34r:

Edited by apluswebmaster, 22 August 2009 - 04:52 AM.

#8 AplusWebMaster

Posted 10 December 2009 - 04:38 AM

FYI...

Thunderbird 3 released
- http://en-gb.www.moz...GB/thunderbird/

- http://www.mozillame...0/releasenotes/
December 8, 2009 - "... installing Thunderbird 3 may overwrite your existing installation of Thunderbird on Linux. Windows and Mac OS X will install to different locations, however it is recommended that you check the messages during installation. For all systems, you won't lose any of your messages or address books, but some of your extensions and other add-ons might not work until updates for them are made available. Users are highly encouraged to install Thunderbird 3 in another folder (on Windows, this is done using Custom Install) and backup their profiles before testing Thunderbird 3..."

- http://www.theinquir...erbird-released

- http://securityreaso...ecurityalert/78
Affected Software: Thunderbird 2.0.0.23
Fixed in: Thunderbird 3.0

:!:

Edited by apluswebmaster, 11 December 2009 - 04:04 PM.

#9 AplusWebMaster

Posted 02 March 2010 - 06:03 AM

FYI...

Thunderbird v.3.0.3 released
- http://www.mozillame...3/releasenotes/
March 1, 2010 - "Thunderbird 3.0.3 fixes the following issue in Thunderbird 3.0.2:
* Fix for missing folders or empty folder pane after updating to Thunderbird 3.0.2..."

- http://www.mozillame...2/releasenotes/
v.3.0.2 , released February 25, 2010

- http://www.mozilla.o...hunderbird3.0.2
Fixed in Thunderbird 3.0.2
MFSA 2010-03 Use-after-free crash in HTML parser
MFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)

- http://www.mozilla.o...fsa2010-03.html

- http://www.mozilla.o...fsa2010-01.html

:ph34r:

#10 AplusWebMaster

Posted 31 March 2010 - 02:16 PM

FYI...

Thunderbird v3.0.4 released
- https://developer.mo...-free-download/
March 30, 2010 - "As part of Mozilla’s ongoing security and stability update process, Thunderbird 3.0.4 is now available for Windows, Mac, and Linux for free download from http://getthunderbird.com/ . We strongly recommend that all Thunderbird users upgrade to this release... You can also manually fetch this update by selecting 'Check for Updates...' from the Help menu. For a list of changes and more information, please review the Thunderbird release notes*."
* http://www.mozillame...4/releasenotes/

:ph34r:

#11 AplusWebMaster

Posted 26 June 2010 - 07:56 AM

FYI...

Thunderbird v3.1 released
- http://www.mozillame...1/releasenotes/
June 24, 2010 - "... based on the Gecko 1.9.2 platform to provide improved performance, stability, web compatibility, and code simplification and sustainability...
Thunderbird 3.1 no longer supports versions of Windows prior to Windows 2000 (e.g. Windows 95, 98, ME, and NT) and Mac OS X versions prior to 10.4 Tiger. Linux requirements have also changed..."

- http://www.mozillame...erbird/all.html

:ph34r:

#12 AplusWebMaster

Posted 21 July 2010 - 03:28 PM

FYI...

Thunderbird v.3.1.1 released...
- http://secunia.com/advisories/40642/
Release Date: 2010-07-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
Software: Mozilla Thunderbird 3.0.x, Mozilla Thunderbird 3.1.x
Solution: Update to Thunderbird 3.0.6 and 3.1.1.

- http://www.mozillame...1/releasenotes/
July 20, 2010

- http://www.mozillame...erbird/all.html

- http://securitytrack...ul/1024229.html
July 21, 2010

:ph34r:

#13 AplusWebMaster

Posted 08 September 2010 - 06:16 AM

FYI...

Thunderbird v3.1.3 released
- http://secunia.com/advisories/41304/
Release Date : 2010-09-08
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2010-2760, CVE-2010-2762, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
Solution: Update to version 3.1.3 or 3.0.7...

- http://www.mozillame...3/releasenotes/
v.3.1.3, released September 7, 2010

- http://www.mozillame...erbird/all.html

- http://securitytrack...ep/1024403.html
- http://securitytrack...ep/1024407.html
Sep 8 2010

:!:

Edited by apluswebmaster, 08 September 2010 - 06:21 AM.

#14 AplusWebMaster

Posted 17 September 2010 - 06:18 AM

FYI...

Thunderbird v3.1.4 released
- http://www.mozillame...erbird/all.html

- http://www.mozillame...4/releasenotes/
v.3.1.4, released September 16, 2010
• Several fixes to improve stability.
• Several fixes to improve the user interface.

- https://bugzilla.moz...e0-0-0=.4-fixed
4 bugs fixed.

:!:

#15 AplusWebMaster

Posted 20 October 2010 - 07:05 AM

FYI...

Thunderbird v3.1.5 released
- http://www.mozillame...erbird/all.html

- http://www.mozillame...5/releasenotes/
v.3.1.5, released October 19, 2010
• Several fixes to improve performance, stability and security, see the Security Advisory.
• Several fixes to improve the user interface and add-ons experience.

- https://bugzilla.moz...e0-0-0=.5-fixed
59 bugs found.

:ph34r:

#16 AplusWebMaster

Posted 28 October 2010 - 06:57 AM

FYI...

Thunderbird v3.1.6 released
- http://secunia.com/advisories/41975/
Release Date: 2010-10-28
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution: Update to version 3.0.10 and 3.1.6.
Original Advisory: Mozilla:
http://www.mozilla.o...fsa2010-73.html

- http://www.securityt....com/id?1024651
Oct 28 2010

:ph34r:

#17 AplusWebMaster

Posted 10 December 2010 - 06:40 AM

FYI...

Thunderbird v3.1.7 released
- http://www.mozillame...om/thunderbird/
released December 9, 2010

- http://www.mozillame...7/releasenotes/

- http://www.mozilla.o...hunderbird3.1.7
Fixed in Thunderbird 3.1.7
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

- https://bugzilla.moz...e0-0-0=.7-fixed
85 bugs fixed...

- http://secunia.com/advisories/42519/
Release Date: 2010-12-10
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 3.1.7 or 3.0.11.
Original Advisory:
http://www.mozilla.o...fsa2010-74.html
http://www.mozilla.o...fsa2010-75.html
http://www.mozilla.o...fsa2010-78.html

- http://www.securityt....com/id?1024846
Dec 10 2010

:ph34r:

Edited by AplusWebMaster, 10 December 2010 - 06:56 AM.

#18 AplusWebMaster

Posted 02 March 2011 - 06:41 AM

FYI...

Thunderbird v.3.1.8 released
- http://www.mozillame...8/releasenotes/
March 1st, 2011

Fixed in Thunderbird 3.1.8
- http://www.mozilla.o...hunderbird3.1.8

Buglist:
- https://bugzilla.moz...e0-0-0=.8-fixed
57 bugs found.

- http://www.mozillame...erbird/all.html
___

- http://secunia.com/advisories/43586/
Release Date: 2011-03-02
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
Solution: Update to version 3.1.8.
Original Advisory:
http://www.mozilla.o...fsa2011-01.html
http://www.mozilla.o...fsa2011-08.html
http://www.mozilla.o...fsa2011-09.html

- http://www.securityt....com/id/1025135
Mar 2 2011

:!:

Edited by AplusWebMaster, 02 March 2011 - 09:09 AM.

#19 AplusWebMaster

Posted 29 April 2011 - 07:42 AM

FYI...

Thunderbird v3.1.10 released
- http://www.mozillame...0/releasenotes/
April 28, 2011

- https://bugzilla.moz...0-0-2=.16-fixed
71 bugs found/fixed.

- http://www.securityt....com/id/1025458
Impact: Execution of arbitrary code via network, User access via network
CVE Reference: CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0079, CVE-2011-0080, CVE-2011-0081
Version(s): -prior- to 3.1.10
Apr 29 2011

:!:

#20 AplusWebMaster

Posted 22 June 2011 - 04:25 AM

FYI...

Thunderbird v3.1.11 released
- http://www.mozillame...erbird/all.html
June 21st, 2011

Release Notes
- http://www.mozillame...1/releasenotes/

- http://www.mozilla.o...fsa2011-19.html

Bug fixes
- https://bugzilla.moz...0-0-0=.11-fixed
22 bugs found

- http://www.securityt....com/id/1025686
Date: Jun 22 2011
CVE Reference: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can obtain cookies from another domain in certain cases...
Version(s): prior to 3.1.11 ...
Solution: The vendor has issued a fix (3.1.11).

:!:

#21 AplusWebMaster

Posted 28 June 2011 - 07:01 PM

FYI...

Thunderbird v5.0 released
- https://www.mozilla....erbird/all.html
June 28, 2011

Release Notes
- https://www.mozilla....0/releasenotes/

- https://addons.mozil...browse=featured

:ph34r: :!:

#22 AplusWebMaster

Posted 16 August 2011 - 06:55 PM

FYI...

Thunderbird v6.0 released
- https://www.mozilla....erbird/all.html
August 16, 2011

Release Notes
- https://www.mozilla....0/releasenotes/

- https://addons.mozil...browse=featured
___

MFSA 2011-31 - Security issues addressed in Thunderbird 6
- http://www.mozilla.o...fsa2011-31.html
CVE References: CVE-2011-0084, CVE-2011-2985, CVE-2011-2986, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992
MFSA 2011-32 - Security issues addressed in Thunderbird 3.1.12
- http://www.mozilla.o...fsa2011-32.html
CVE References: CVE-2011-0084, CVE-2011-2378, CVE-2011-2980, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
___

Thunderbird v3.1.12 released
- https://www.mozilla..../all-older.html
August 16, 2011

:!: :ph34r:

Edited by AplusWebMaster, 17 August 2011 - 04:23 AM.

#23 AplusWebMaster

Posted 02 October 2011 - 07:54 AM

FYI...

Thunderbird v7.0.1 released
- https://www.mozilla....1/releasenotes/
September 30, 2011

Security issues
- https://www.mozilla....ml#thunderbird7

Download
- https://www.mozilla....erbird/all.html

- http://www.securityt....com/id/1026122
CVE Reference: CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2997, CVE-2011-3000, CVE-2011-3001, CVE-2011-3005, CVE-2011-3232
Sep 29 2011
"... prior to 7.0..."
___

Thunderbird v3.1.15
- https://www.mozilla..../all-older.html

Release notes
- https://www.mozilla....5/releasenotes/
September 27, 2011

:ph34r:

Edited by AplusWebMaster, 03 October 2011 - 07:13 AM.

#24 AplusWebMaster

Posted 22 December 2011 - 03:10 PM

FYI...

Thunderbird v9.0 released
- https://www.mozilla....0/releasenotes/
December 20, 2011

Download
- https://www.mozilla....erbird/all.html

Fixed in Thunderbird 9
- https://www.mozilla....ml#thunderbird9
MFSA 2011-58 Crash scaling <video> to extreme sizes
MFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

- http://web.nvd.nist....d=CVE-2011-3658 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3660 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3661 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3663 - 4.3
- http://web.nvd.nist....d=CVE-2011-3664 - 6.8
- http://web.nvd.nist....d=CVE-2011-3665 - 7.5 (HIGH)
Last revised: 12/21/2011
"... Thunderbird 5.0 through 8.0..."

- http://www.securityt....com/id/1026447
Dec 21 2011
___

Thunderbird v3.1.7 released
- https://www.mozilla..../all-older.html

- http://web.nvd.nist....d=CVE-2011-3666
Last revised: 12/21/2011
CVSS v2 Base Score: 6.8 (MEDIUM)
"... Thunderbird before 3.1.7..."
___

- http://h-online.com/-1400073
22 December 2011

:ph34r:

Edited by AplusWebMaster, 22 December 2011 - 05:35 PM.

#25 AplusWebMaster

Posted 02 February 2012 - 03:58 PM

FYI...

- https://www.mozilla....fsa2012-10.html
Feb 10, 2012 - "... Fixed in: ... Thunderbird 10.0.1..."
Impact: Critical...
___

Thunderbird v10.0 released
- https://www.mozilla....0/releasenotes/
Jan 31, 2012 What's New...

Download
- https://www.mozilla....erbird/all.html

Fixed in Thunderbird 10
- https://www.mozilla....l#thunderbird10
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)
___

Thunderbird v3.1.18 released
- https://www.mozilla..../all-older.html

:!: :ph34r:

Edited by AplusWebMaster, 11 February 2012 - 01:13 PM.

#26 AplusWebMaster

Posted 15 March 2012 - 06:43 AM

FYI...

Thunderbird v.11.0 released
- https://www.mozilla.....0/releasenotes
v.11.0, released: March 13, 2012

Security Advisories
- https://www.mozilla....l#thunderbird11
Fixed in Thunderbird 11
MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
MFSA 2012-18 window.fullScreen writeable by untrusted content
MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
MFSA 2012-15 XSS with multiple Content Security Policy headers
MFSA 2012-14 SVG issues found with Address Sanitizer
MFSA 2012-13 XSS with Drag and Drop and Javascript: URL
MFSA 2012-12 Use-after-free in shlwapi.dll

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html

:!:

#27 AplusWebMaster

Posted 25 April 2012 - 03:01 AM

FYI...

Thunderbird v12.0 released
- https://www.mozilla.....0/releasenotes
April 24, 2012 ... See Known Issues

Security Advisories
- https://www.mozilla....l#thunderbird12
Fixed in Thunderbird 12
MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
MFSA 2012-30 Crash with WebGL content using textImage2D
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
MFSA 2012-27 Page load short-circuit can lead to XSS
MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
MFSA 2012-24 Potential XSS via multibyte content processing errors
MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
MFSA 2012-22 use-after-free in IDBKeyRange
MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/48932/
Release Date: 2012-04-25
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Firefox version 12.0 and Thunderbird version 12.0...

- http://www.securityt....com/id/1026973
Date: Apr 24 2012
CVE Reference: CVE-2011-1187, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Version(s): prior to 12.0...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with a target site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can spoof certain web sites.
A remote user can obtain potentially sensitive information...

:!:

Edited by AplusWebMaster, 25 April 2012 - 03:55 AM.

#28 AplusWebMaster

Posted 07 June 2012 - 06:40 AM

FYI...

Thunderbird v13.0 released
- https://www.mozilla.....0/releasenotes
June 5, 2012 ... See Known Issues

Security Advisories
- https://www.mozilla....l#thunderbird13
Fixed in Thunderbird 13
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1027122
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-0441 - 5.0
- http://web.nvd.nist....d=CVE-2012-1937 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1938 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1939 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1940 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1941 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1942 - 7.2 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1943 - 6.9
- http://web.nvd.nist....d=CVE-2012-1944 - 4.3
- http://web.nvd.nist....d=CVE-2012-1945 - 2.9
- http://web.nvd.nist....d=CVE-2012-1946 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1947 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-3105 - 9.3 (HIGH)
Jun 6 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 13.0

- https://secunia.com/advisories/49368/
Release Date: 2012-06-06
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Exposure of sensitive information, Privilege escalation, System access
Where: From remote
Solution: Upgrade to... Thunderbird version 13.0.

:!:

Edited by AplusWebMaster, 07 June 2012 - 11:45 AM.



#29 AplusWebMaster

Posted 18 July 2012 - 11:40 AM

FYI...

Thunderbird v14.0 released
- https://www.mozilla.....0/releasenotes
July 17, 2012 ... See Known Issues

Security Advisories
- https://www.mozilla....l#thunderbird14
Fixed in Thunderbird 14
MFSA 2012-56 Code execution through javascript: URLs
MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 X-Frame-Options header ignored when duplicated
MFSA 2012-50 Out of bounds read in QCMS
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
MFSA 2012-45 Spoofing issue with location
MFSA 2012-44 Gecko memory corruption
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/49993/
Release Date: 2012-07-18
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 14...

- http://www.securityt....com/id/1027257
CVE Reference: CVE-2012-1948, CVE-2012-1949, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1967
Jul 17 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 14 ...

:!: :ph34r:



#30 AplusWebMaster

Posted 30 August 2012 - 06:43 AM

FYI...

Thunderbird v15.0 released
- https://www.mozilla.....0/releasenotes
August 28, 2012 ... See Known Issues

Security Advisories
- https://www.mozilla....l#thunderbird15
Fixed in Thunderbird 15 ...

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1027452
CVE Reference: CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3974, CVE-2012-3975, CVE-2012-3978, CVE-2012-3980
Aug 29 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to ESR 10.0.7; prior to 15.0

- https://secunia.com/advisories/50308/
Release Date: 2012-08-29
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
For more information: https://secunia.com/SA50088/
Solution: Upgrade to version 15...
___

- http://h-online.com/-1677823
29 August 2012

:!: :ph34r:



#31 AplusWebMaster

Posted 11 October 2012 - 05:57 AM

FYI...

Thunderbird v16.0.1 released
- https://www.mozilla.....1/releasenotes
October 11, 2012 ... See Known Issues

Download
- https://www.mozilla....erbird/all.html

Security Advisories
- https://www.mozilla....underbird16.0.1
Fixed in Thunderbird 16.0.1
MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

- https://web.nvd.nist...d=CVE-2012-4190 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2012-4191 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2012-4192 - 4.3
- https://web.nvd.nist...d=CVE-2012-4193 - 9.3 (HIGH)
___

Bugs fixed
- https://www.mozilla....es/buglist.html
___

- http://www.securityt....com/id/1027652
CVE Reference: CVE-2012-4190, CVE-2012-4191
Oct 12 2012
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (16.0.1).

- https://secunia.com/advisories/50932/
Last Update: 2012-10-12
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
CVE Reference(s): CVE-2012-4190, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193
... vulnerabilities are reported in Firefox and Thunderbird versions -prior- to 16.0.1 and SeaMonkey versions -prior- to 2.13.1.
Solution: Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

:!: :ph34r:

Edited by AplusWebMaster, 15 October 2012 - 06:50 AM.



#32 AplusWebMaster

Posted 21 November 2012 - 06:26 PM

FYI...

Thunderbird v17.0 released
- https://www.mozilla.....0/releasenotes
Nov 20, 2012

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....erbird/all.html

Security Advisories
- https://www.mozilla....l#thunderbird17
___

- http://www.securityt....com/id/1027793
CVE Reference: CVE-2012-4201, CVE-2012-4202, CVE-2012-4204, CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5838, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842, CVE-2012-5843
Nov 21 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Solution: The vendor has issued a fix (17.0)...

- https://secunia.com/advisories/51358/
Release Date: 2012-11-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote...
Solution: Upgrade to version 17.0.

:!: :ph34r:

Edited by AplusWebMaster, 22 November 2012 - 03:09 AM.



#33 AplusWebMaster

Posted 19 January 2013 - 11:05 AM

FYI...

Thunderbird v17.0.2 released
- https://www.mozilla.....2/releasenotes
Jan 8 2013

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....erbird/all.html

Security Advisories
- https://www.mozilla....underbird17.0.2

- http://www.securityt....com/id/1027957
CVE Reference: CVE-2013-0743, CVE-2013-0744, CVE-2013-0745, CVE-2013-0746, CVE-2013-0747, CVE-2013-0748, CVE-2013-0749, CVE-2013-0750, CVE-2013-0752, CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756, CVE-2013-0757, CVE-2013-0758, CVE-2013-0759, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0764, CVE-2013-0766, CVE-2013-0767, CVE-2013-0768, CVE-2013-0769, CVE-2013-0770, CVE-2013-0771
Jan 9 2013
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 17.0.2

:ph34r: :ph34r:




#34 AplusWebMaster

Posted 20 February 2013 - 12:01 PM

FYI...

Thunderbird 17.0.3 released
- https://www.mozilla.....3/releasenotes
Feb 19, 2013

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....erbird/all.html

Security Advisories
- https://www.mozilla....underbird17.0.3

- http://www.securityt....com/id/1028165
CVE Reference: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
Feb 20 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 17.0.3
 

:ph34r:




#35 AplusWebMaster

Posted 03 April 2013 - 07:34 AM

FYI...

Thunderbird v17.0.5 released
- https://www.mozilla.....5/releasenotes
April 2, 2013
FIXED - Security fixes* ...
FIXED - Adjusting font size when composing emails should be easier (Bug 824926)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html

Fixed in Thunderbird 17.0.5
* https://www.mozilla....underbird17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

- http://www.securityt....com/id/1028382
CVE Reference: CVE-2013-0788, CVE-2013-0789, CVE-2013-0790, CVE-2013-0791, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0797, CVE-2013-0799, CVE-2013-0800
Apr 3 2013
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 17.0.5
 

:ph34r: :ph34r:




#36 AplusWebMaster

Posted 15 May 2013 - 03:34 AM

FYI...

Thunderbird v17.0.6 released
- https://www.mozilla.....6/releasenotes
May 14, 2013

 

- https://www.mozilla....underbird17.0.6
Fixed in Thunderbird 17.0.6
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html

- https://secunia.com/advisories/53443/
Release Date: 2013-05-15
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
For more information: https://secunia.com/SA53400/
... vulnerabilities are reported in versions prior to 17.0.6.
Solution: Update to version 17.0.6.

- http://www.securityt....com/id/1028559
CVE Reference: CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
May 14 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 17.0.6
 

:ph34r:


Edited by AplusWebMaster, 15 May 2013 - 03:55 AM.



#37 AplusWebMaster

Posted 26 June 2013 - 07:54 AM

FYI...

Thunderbird v17.0.7 released
- https://www.mozilla.....7/releasenotes
June 25, 2013

- https://www.mozilla....underbird17.0.7
Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/53953/
Release Date: 2013-06-26
Criticality level: Highly Critical
Impact: Security Bypass, Exposure of sensitive information, System access
... vulnerabilities are reported in versions prior to 17.0.7.
Solution: Update to version 17.0.7.

- http://www.securityt....com/id/1028704
CVE Reference: CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
Jun 26 2013
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 17.0.7 ...
 

:ph34r:


Edited by AplusWebMaster, 26 June 2013 - 09:04 AM.



#38 AplusWebMaster

Posted 11 August 2013 - 07:26 PM

FYI...

Thunderbird v17.0.8 released
- https://www.mozilla.....8/releasenotes
August 6, 2013

Security Advisories
- https://www.mozilla....underbird17.0.8
Fixed in Thunderbird 17.0.8
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1028887
CVE Reference: CVE-2013-1701, CVE-2013-1702, CVE-2013-1706, CVE-2013-1707, CVE-2013-1709, CVE-2013-1710, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
Aug 6 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 17.0.8 ...

- https://secunia.com/advisories/54413/
Release Date: 2013-08-07
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access
... vulnerabilities are reported in the following products:
* Mozilla Thunderbird and Thunderbird ESR versions prior to 17.0.8...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 11 August 2013 - 07:30 PM.



#39 AplusWebMaster

Posted 18 September 2013 - 05:25 AM

FYI...

Thunderbird v24.0 released
- https://www.mozilla....0/releasenotes/
Sep 17, 2013

Security Advisories
- https://www.mozilla....thunderbird24.0
Fixed in Thunderbird 24.0
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1029044
CVE Reference: CVE-2013-1718, CVE-2013-1719, CVE-2013-1720, CVE-2013-1722, CVE-2013-1723, CVE-2013-1724, CVE-2013-1726, CVE-2013-1728, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737, CVE-2013-1738
Sep 17 2013
Impact: Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.0; prior to ESR 17.0.9...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 18 September 2013 - 05:26 AM.



#40 AplusWebMaster

Posted 30 October 2013 - 05:19 AM

FYI...

Thunderbird 24.1.1
- https://www.mozilla....underbird24.1.1
Fixed in Thunderbird 24.1.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
- https://www.mozilla....sa2013-103.html

 

- https://www.mozilla....1/releasenotes/
Nov 19, 2013
___

Thunderbird v24.1 released
- https://www.mozilla....1/releasenotes/
Oct 29, 2013

Security Advisories
- https://www.mozilla....thunderbird24.1
Fixed in Thunderbird 24.1
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/55489/
Release Date: 2013-10-30
Criticality: Highly Critical
Where: From remote
Impact: Spoofing, System access
... see the vendor's advisories for a list of affected products and versions.
Solution: Update to a fixed version...

- http://www.securityt....com/id/1029272
CVE Reference: CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
Oct 30 2013
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.1 ...
Solution:   The vendor has issued a fix (24.1)...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 21 November 2013 - 07:10 AM.



#41 AplusWebMaster

Posted 11 December 2013 - 03:27 AM

FYI...

Thunderbird 24.2 released

- https://www.mozilla....0/releasenotes/
Dec 10, 2013

Security Advisories
- https://www.mozilla....thunderbird24.2
Fixed in Thunderbird 24.2
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/56002/
Release Date: 2013-12-10
Criticality: Highly Critical
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
CVE Reference(s): CVE-2013-5609, CVE-2013-5610, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673
Solution: Update to a fixed version.
 

:ph34r:


Edited by AplusWebMaster, 11 December 2013 - 03:36 AM.



#42 AplusWebMaster

Posted 05 February 2014 - 06:33 AM

FYI...

Thunderbird v24.3.0 released
- http://www.securityt....com/id/1029721
CVE Reference: CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
Feb 5 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.3 ...
Solution: The vendor has issued a fix (24.3)...
- https://www.mozilla....-US/thunderbird

Release Notes
- https://www.mozilla....0/releasenotes/

Security Advisories
- https://www.mozilla....thunderbird24.3
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
 

:ph34r:


Edited by AplusWebMaster, 05 February 2014 - 10:10 AM.



#43 AplusWebMaster

Posted 19 March 2014 - 05:26 AM

FYI...

Thunderbird 24.4 released
- http://www.securityt....com/id/1029930
CVE Reference: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1499, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
Mar 19 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.4
- https://www.mozilla....-US/thunderbird

Release Notes
- https://www.mozilla....0/releasenotes/

Security Advisories
- https://www.mozilla....thunderbird24.4
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
 

:ph34r:




#44 AplusWebMaster

Posted 30 April 2014 - 04:25 AM

FYI...

Thunderbird 24.5.0 released
- http://www.securityt....com/id/1030165
CVE Reference: CVE-2014-1520, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
Apr 30 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.5.0 ...
Solution: The vendor has issued a fix (24.5.0)...

- https://www.mozilla....-US/thunderbird

Release Notes
- https://www.mozilla....0/releasenotes/

Security Advisories
- https://www.mozilla....thunderbird24.5
Fixed in Thunderbird 24.5
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
 

:ph34r:




#45 AplusWebMaster

Posted 11 June 2014 - 02:55 AM

FYI...

Thunderbird 24.6 released
- http://www.securityt....com/id/1030386
CVE Reference: CVE-2014-1533, CVE-2014-1534, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2014-1541
Jun 11 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.6 ...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (24.6)...

- https://www.mozilla....-US/thunderbird

- https://www.mozilla....0/releasenotes/
v.24.6.0, released: June 10, 2014

Security Advisories
- https://www.mozilla....thunderbird24.6
Fixed in Thunderbird 24.6
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
 

:ph34r:


Edited by AplusWebMaster, 11 June 2014 - 02:55 AM.



#46 AplusWebMaster

Posted 23 July 2014 - 03:02 AM

FYI...

Thunderbird 31.0 released
- http://www.securityt....com/id/1030620
CVE Reference: CVE-2014-1547, CVE-2014-1548, CVE-2014-1549, CVE-2014-1550, CVE-2014-1551, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560
Jul 22 2014
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 31.0 ...

- https://www.mozilla....-US/thunderbird

- https://www.mozilla....0/releasenotes/
v31.0, released: July 22, 2014

Security Advisories
- https://www.mozilla....l#thunderbird31
Fixed in Thunderbird 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
 



#47 AplusWebMaster


Posted 03 September 2014 - 05:52 AM

FYI...

Thunderbird 31.1 released
- http://www.securityt....com/id/1030794
CVE Reference: CVE-2014-1553, CVE-2014-1554, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565, CVE-2014-1567
Sep 3 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 24.8, 31.1 ...
Solution: The vendor has issued a fix (24.8, 31.1).

- https://www.mozilla....-US/thunderbird

- https://www.mozilla....0/releasenotes/
v.31.1.0, released: Sep 2, 2014

Security Advisories
- https://www.mozilla....rbird.html#31.1
Fixed in Thunderbird 31.1
MFSA 2014-72 Use-after-free setting text directionality
MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
MFSA 2014-69 Uninitialized memory use during GIF rendering
MFSA 2014-68 Use-after-free during DOM interactions with SVG
MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
 



#48 AplusWebMaster


Posted 15 October 2014 - 06:41 AM

FYI...

Thunderbird v31.2 released
- http://www.securityt....com/id/1031030
CVE Reference: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586
Oct 15 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 31.2 ...
Solution: The vendor has issued a fix (31.2)...

- https://www.mozilla....-US/thunderbird

- https://www.mozilla....0/releasenotes/
v.31.2.0, released: Oct 14, 2014

Security Advisories
- https://www.mozilla....thunderbird31.2
Fixed in Thunderbird 31.2
MFSA 2014-81 Inconsistent video sharing within iframe
MFSA 2014-79 Use-after-free interacting with text directionality
MFSA 2014-77 Out-of-bounds write with WebM video
MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
MFSA 2014-75 Buffer overflow during CSS manipulation
MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
 



Edited by AplusWebMaster, 15 October 2014 - 11:05 AM.



#49 AplusWebMaster


Posted 02 December 2014 - 05:38 AM

FYI...

Thunderbird 31.3 released
- https://www.mozilla....0/releasenotes/
Dec 1, 2014

Fixed in Thunderbird 31.3
- https://www.mozilla....thunderbird31.3
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-85 XMLHttpRequest crashes with some input streams
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1031287
CVE Reference: CVE-2014-1587, CVE-2014-1588, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-1595
Dec 3 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 31.3 ...
Solution: The vendor has issued a fix (31.3).
 



Edited by AplusWebMaster, 03 December 2014 - 06:01 AM.



#50 AplusWebMaster


Posted 14 January 2015 - 04:33 AM

FYI...

Thunderbird 31.4.0 released
- https://www.mozilla....0/releasenotes/
Jan 13, 2015

- https://www.mozilla....thunderbird31.4
Fixed in Thunderbird 31.4
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1031534
CVE Reference: CVE-2014-8634, CVE-2014-8635, CVE-2014-8638, CVE-2014-8639
Jan 14 2015
Impact: Execution of arbitrary code via network, Modification of authentication information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 31.4 ...
 





