Thunderbird 38.1 released
Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird
Fixed in Thunderbird 38.1
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
CVE Reference: CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2726, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-4000
Jul 3 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of authentication information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 38.0 and prior ...
Solution: The vendor has issued a fix (38.1)...
Aug 11, 2015
Fixed in Thunderbird 38.2
Vulnerabilities found through code inspection
2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
2015-85 Out-of-bounds write with Updater and malicious MAR file
2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
Edited by AplusWebMaster, 27 September 2015 - 04:49 PM.