Jump to content


Photo

Thunderbird updated


  • Please log in to reply
74 replies to this topic

#51 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 25 February 2015 - 04:11 AM

FYI...

Thunderbird 31.5 released
- https://www.mozilla....0/releasenotes/
Feb 24, 2015

- https://www.mozilla....thunderbird31.5
Fixed in Thunderbird 31.5
2015-24 Reading of local files through manipulation of form autocomplete
2015-19 Out-of-bounds read and write while rendering SVG content
2015-16 Use-after-free in IndexedDB
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1031792
CVE Reference: CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0833, CVE-2015-0835, CVE-2015-0836
Feb 24 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 31.5 ...
 

:ph34r:


Edited by AplusWebMaster, 25 February 2015 - 04:13 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#52 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 01 April 2015 - 09:45 AM

FYI...

Thunderbird 31.6 released
- https://www.mozilla....0/releasenotes/
March 31, 2015

- https://www.mozilla....thunderbird31.6
Fixed in Thunderbird 31.6
2015-40 Same-origin bypass through anchor navigation
2015-37 CORS requests should not follow 30x redirections after preflight
2015-33 resource:// documents can load privileged pages
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1032000
CVE Reference: CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816
Apr 1 2015
Impact: Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 31.6...
 

:ph34r:


Edited by AplusWebMaster, 03 April 2015 - 09:15 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#53 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 13 May 2015 - 03:37 PM

FYI...

Thunderbird 38 - delayed ...
- http://emailmafia.ne...ird-38-delayed/
May 12, 2015 - "... Thunderbird 38.0 will -not- ship on the same date as Firefox 38.0 but will likely be delayed a couple of weeks... there are still a number of regressions that we are working on, and last week’s beta was the first beta that was feature complete. That means we will not be ready to ship according to the original schedule.
A current estimate of when we will ship Thunderbird 38.0 is approximately May 26."
___

Thunderbird 31.7 released

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla....thunderbird31.7
Fixed in Thunderbird 31.7
2015-57 Privilege escalation through IPC channel messages
2015-54 Buffer overflow when parsing compressed XML
2015-51 Use-after-free during text processing with vertical text enabled
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

Thunderbird 31.7 download:
- https://www.mozilla....hunderbird/all/
___

- http://www.securityt....com/id/1032303
CVE Reference: CVE-2011-3079, CVE-2015-0797, CVE-2015-2708, CVE-2015-2709, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716
May 13 2015
Impact: Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 31.7
 

:ph34r:


Edited by AplusWebMaster, 18 May 2015 - 10:13 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#54 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 03 July 2015 - 09:11 AM

FYI...

Thunderbird 38.1 released

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla....thunderbird38.1
Fixed in Thunderbird 38.1
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

Download:
- https://www.mozilla....hunderbird/all/
___

- http://www.securityt....com/id/1032784
CVE Reference: CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2726, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-4000
Jul 3 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of authentication information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 38.0 and prior ...
Solution: The vendor has issued a fix (38.1)...
___

Thunderbird 38.2

Download: https://www.mozilla....hunderbird/all/

- https://www.mozilla....thunderbird38.2
Aug 11, 2015
Fixed in Thunderbird 38.2
Vulnerabilities found through code inspection
2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
2015-85 Out-of-bounds write with Updater and malicious MAR file
2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
 

:ph34r:


Edited by AplusWebMaster, 27 September 2015 - 04:49 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#55 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 16 December 2015 - 02:11 PM

FYI...

Thunderbird 38.4 released

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla....0/releasenotes/
Nov 23, 2015

Fixed in Thunderbird 38.4
- https://www.mozilla....thunderbird38.4
2015-133 NSS and NSPR memory corruption issues
2015-132 Mixed content WebSocket policy bypass through workers
2015-131 Vulnerabilities found through code inspection
2015-128 Memory corruption in libjar through zip files
2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
2015-123 Buffer overflow during image interactions in canvas
2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

- https://www.mozilla....rbird/releases/

Download:
- https://www.mozilla....hunderbird/all/
___

- http://www.securityt....com/id/1034260
CVE Reference: CVE-2015-4513, CVE-2015-7189, CVE-2015-7193, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
Nov 26 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Thunderbird version 38.4.0 ...
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#56 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 26 December 2015 - 10:13 AM

FYI...

Thunderbird 38.5 released

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla....0/releasenotes/
Dec 23, 2015

Fixed in Thunderbird 38.5
- https://www.mozilla....thunderbird38.5
2015-149 Cross-site reading attack through data and view-source URIs
2015-146 Integer overflow in MP4 playback in 64-bit versions
2015-145 Underflow through code inspection
2015-139 Integer overflow allocating extremely large textures
2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)

- https://www.mozilla....rbird/releases/

Download:
- https://www.mozilla....hunderbird/all/
___

Version 38.5.1
- https://www.mozilla....1/releasenotes/
Jan 7, 2016

What’s New:
    Changed: Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements
Known Issues:
    unresolved: Windows XP SP2 will no longer install Thunderbird (workaround: Install Thunderbird 38.5.0 then update)
 

:ph34r:


Edited by AplusWebMaster, 11 January 2016 - 08:58 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#57 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 16 March 2016 - 10:20 AM

FYI...

Thunderbird 45.1.1 released
- https://www.mozilla....1/releasenotes/
May 31, 2016
What’s New:
Fixed: When entering members into a mailing list, the enter key dismissed the panel instead of just moving onto the next line
Fixed: Email without HTML elements was sent as HTML, despite "Delivery Format: Auto-detect" option
Fixed: Options applied to a template were lost when the template was used.
Fixed: Contacts could not be deleted when they were found through a search
Fixed: Views from global searches did not respect "mail.threadpane.use_correspondents"

- https://www.mozilla....es/thunderbird/

> https://www.mozilla....rbird/releases/

>> https://www.mozilla....hunderbird/all/
___

Thunderbird 45.1.0 released
- https://www.mozilla....0/releasenotes/
May 10, 2016
What’s New
Fixed:
- Drag & Drop a contact name from Thunderbird address book (list view) to address box in a new message “compose” window failed.
- UI elements became larger when moused over on retina displays/monitor on Mac OS X
- Automatic correspondents column upgrade disabled
- DIGEST-MD5 authentication in JS-XMPP failed for some users (now disabled).
- Font indicator in compose falsely claimed certain fonts were not installed.
- Printing failed in composition window.
- Various security fixes*
- Various improvements in handling of message compose in paragraph mode.
* https://www.mozilla....thunderbird45.1
Fixed in Thunderbird 45.1
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

> https://www.mozilla....rbird/releases/

>> https://www.mozilla....hunderbird/all/
___

Thunderbird 45.0
- https://www.mozilla....0/releasenotes/
Apr 12, 2016
What’s New:
- Add a Correspondents column combining Sender and Recipient
- Much better support for XMPP chatrooms and commands.
- Implement option to always use HTML formatting to prevent unexpected format loss when converting messages to plain text.
- Use OpenStreetmap for maps (even allow the user to choose from list of map services)
- Allow spell checking and dictionary selection in the subject line
- Add dropdown in compose to allow specific setting of font size.
- Return/Enter in composer will now insert a new paragraph by default (shift-Enter will insert a line break)
- Mail.ru supports OAuth authentication.
- Improved options for remote content exceptions (but previous settings based on the sender's email address are not migrated, so these need to be added again by users).
- Allow editing of From when composing a message.
- Allow copying of name and email address from the message header of an email
Fixed:
- When sending e-mail which was composed using Chinese, Japanese or Korean characters, unwanted extra spaces were inserted within the text.
- XMPP had connection problems for users with large rosters
- Spell checker checked spelling in invisible HTML parts of the message.
- When saving a draft that is edited as new message, original draft was overwritten.
- External images not displayed in reply/forward
- Properly preserve pre-formatted blocks in message replies.
- Crashed in some cases while parsing IMAP messages.
- Copy/paste from a plain text editor lost white-space (multiple spaces/blanks, tabs, newlines)
- "Open Draft"/"Forward"/"Edit As New"/"Reply" created message composition with incorrect character encoding.
- Grouped By view sort direction change was broken, plus enabled custom column grouping.
- New emails into a mailbox did not adhere to sort order by received.
- Box.com attachments failed to upload.
- Drag and drop of multiple attachments failed to OS file folder.
Known Issues:
- unresolved - Outlook and Eudora import non-functional.

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla..../#thunderbird45
Fixed in Thunderbird 45
... fixes dtd. March 8, 2016 ?

 

> https://www.mozilla....rbird/releases/
___

Thunderbird v38.7 released
- https://www.mozilla....0/releasenotes/
March 14, 2016
Fixed: Various security fixes*
* https://www.mozilla....thunderbird38.7
Fixed in Thunderbird 38.7
2016-37 Font vulnerabilities in the Graphite 2 library
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-31 Memory corruption with malicious NPAPI plugin
2016-27 Use-after-free during XML transformations
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

... 60 bugs found.
> http://preview.tinyurl.com/jhljn2x

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla....hunderbird/all/

- https://www.mozilla....rbird/releases/
___

Thunderbird 38.7.1
- https://www.mozilla....1/releasenotes/
Mar 25, 2016
> Disabled Graphite font shaping library
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 22 June 2016 - 01:48 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#58 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 10 July 2016 - 05:53 AM

FYI...

Thunderbird v45.2.0 released
- https://www.mozilla....0/releasenotes/
June 30, 2016
Fixed: Invitations to events could not be printed.
Fixed: Dragging and dropping of contacts from the contact list onto an addressbook while All Addressbooks is selected moved only one contact
Fixed: Falsely reported not enough disk space during compacting
Fixed: Links were not always detected properly in the message body (terminated early on "|", some long links not detected at all)

> https://www.mozilla....thunderbird45.2
Fixed in Thunderbird 45.2
2016-49 Miscellaneous memory safety hazards (rv:47.0/rv:45.2)

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla....rbird/releases/

Download
- https://www.mozilla....hunderbird/all/
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#59 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 08 October 2016 - 02:52 PM

FYI...

Thunderbird 45.4.0 released
- https://www.mozilla....0/releasenotes/
Oct 3, 2016
What’s New:
Fixed:     
- Display name was truncated if no separating space before email address.
- Recipient addresses were shown in red despite being inserted from the address book in some circumstances.
- Additional spaces were inserted when drafts were edited.
- Mail saved as template copied In-Reply-To and References from original email.
- Threading broken when editing message draft, due to loss of Message-ID
- "Apply columns to..." did not honor special folders

... 12 bugs fixed.

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla....rbird/releases/

Download
- https://www.mozilla....hunderbird/all/

Add-ons
- https://addons.mozil...US/thunderbird/
 

:ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#60 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 21 November 2016 - 05:50 AM

FYI...

Thunderbird 45.5.0 released
- https://www.mozilla....0/releasenotes/
Nov 18, 2016
What’s New:
Changed: IMPORTANT: Changed recipient address entry: Arrow-keys now copy the pop-up value to the input field. Mouse-hovered pop-up value can no longer be confirmed with tab or enter key. This restores the behavior of Thunderbird 24.
Changed: Support changes to character limit in Twitter
Fixed:
- Reply with selected text containing quote resulted in wrong quoting level indication
- Mail address display at header pane displayed incorrectly if the address contains UTF-8 according to RFC 6532
- Attempting to sort messages on the Date field whilst a quick filter is applied got stuck on sort descending
- Email invitation might not be displayed when description contains non-ASCII characters

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla....rbird/releases/

Download
- https://www.mozilla....hunderbird/all/

Add-ons
- https://addons.mozil...US/thunderbird/
 

:ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#61 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 01 December 2016 - 08:12 AM

FYI...

Thunderbird 45.5.1 released
- https://www.mozilla....1/releasenotes/
Nov 30, 2016

- https://www.mozilla....underbird45.5.1

- https://www.mozilla....es/mfsa2016-92/
Fixed in:
 Thunderbird 45.5.1
CVE-2016-9079: Use-after-free in SVG Animation
Critical

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla....rbird/releases/

Download
- https://www.mozilla....hunderbird/all/

Add-ons
- https://addons.mozil...US/thunderbird/
___

- http://www.securityt....com/id/1037371
CVE Reference: CVE-2016-9079
Dec 1 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 45.5.1
Impact: A remote user can create JavaScript content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: Mozilla.org has issued a fix for Mozilla Thunderbird (45.5.1)...
___

- https://www.us-cert....ecurity-Updates
Nov 30, 2016
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#62 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 29 December 2016 - 04:24 AM

FYI...

Thunderbird 45.6 released
- https://www.mozilla....0/releasenotes/
Dec 28, 2016
Fixed: The system integration dialog was shown every time when starting Thunderbird
Fixed: Various security fixes...
- https://www.mozilla....thunderbird45.6

> https://www.mozilla....es/mfsa2016-96/
Critical
Fixed in: Thunderbird 45.6 ...
CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/
v45.6
___

- https://www.us-cert....Security-Update
Dec 28, 2016
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 02 January 2017 - 07:35 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#63 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 27 January 2017 - 04:03 AM

FYI...

Thunderbird 45.7 released
- https://www.mozilla....0/releasenotes/
Jan 26, 2017

- https://www.mozilla....rbird/releases/

Fixed in Thunderbird 45.7
- https://www.mozilla....thunderbird45.7

Security vulnerabilities fixed in Thunderbird 45.7
- https://www.mozilla....es/mfsa2017-03/
Jan 26, 2017
Critical
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/
v45.7
___

- https://www.us-cert....Security-Update
Jan 26, 2017
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#64 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 08 March 2017 - 07:14 AM

FYI...

Thunderbird 45.8.0 released
- https://www.mozilla....0/releasenotes/
Mar 7, 2017

Fixed in Thunderbird 45.8
- https://www.mozilla....thunderbird45.8

- https://www.mozilla....es/mfsa2017-07/
Critical
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#65 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 11 April 2017 - 05:28 AM

FYI...

Thunderbird 52.0 released
- https://www.mozilla....0/releasenotes/
April 4, 2017

Fixed in Thunderbird 52
- https://www.mozilla..../#thunderbird52

- https://www.mozilla....es/mfsa2017-09/
Critical
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
CVE-2017-5404: Use-after-free working with ranges in selections

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/
 

:ninja: :ninja:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#66 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 14 April 2017 - 06:40 PM

FYI...

Thunderbird 52.0.1 released
- https://www.mozilla....1/releasenotes/
April 14, 2017

Fixed:
- Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1
- Clicking on a link in an email may not open this link in the external browser...

Complete list of changes in this release
- https://mzl.la/2nSk0Ft
373 bugs found

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/
 

:ninja: :ninja:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#67 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 30 April 2017 - 06:20 PM

FYI...

Thunderbird 52.1.0 released
- https://www.mozilla....0/releasenotes/
April 30, 2017

Fixed:
 Background images not working and other issues related to embedded images when composing email
 Google Oauth setup can sometimes not progress to the next step

Complete list of changes in this release
- https://bugzilla.moz...format=advanced
19 bugs found.

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/
 

:ninja: :ninja:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#68 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 16 May 2017 - 04:09 AM

FYI...

Thunderbird 52.1.1 released
- https://www.mozilla....1/releasenotes/
May 15, 2017

Fixed:
- Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use
- Unable to load full message via POP if message was downloaded partially (or only headers) before
- Some attachments can't be opened or saved if the message body is empty
- Crash when compacting IMAP folder

Known Issues:
unresolved:
- Large number of blank pages being printed under certain circumstances
- Crash due to incompatibility with McAfee Anti-SPAM add-on. Workaround: Start in safe mode and -disable- McAfee Anti-Spam Extension

Complete list of changes in this release:
- https://bugzilla.moz...format=advanced
19 bugs found.

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/
 

:ninja: :ninja:


Edited by AplusWebMaster, 17 May 2017 - 07:25 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#69 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 15 June 2017 - 04:42 AM

FYI...

Thunderbird 52.2.0 released
- https://www.mozilla....0/releasenotes/
June 14, 2017
What’s New:
Fixed:
- Embedded images not shown in email received from Hotmail/Outlook webmailer
- Detection of non-ASCII font names in font selector
- Attachment not forwarded correctly under certain circumstances
- Multiple requests for master password when GMail OAuth2 is enabled
- Large number of blank pages being printed under certain circumstances when invalid preferences were present
- Messages sent via the Simple MAPI interface are forced to HTML
- Calendar: Invitations can't be printed
- Mailing list (group) not accessible from macOS or Outlook address book
- Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser

Various security fixes:
- https://www.mozilla....thunderbird52.2

- https://www.mozilla....es/mfsa2017-17/
Critical:
CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/
___

- https://www.us-cert....Security-Update
June 15, 2017
 

:ninja: :ninja:


Edited by AplusWebMaster, 16 June 2017 - 05:06 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#70 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 26 June 2017 - 03:28 AM

FYI...

Thunderbird 52.2.1 released
- https://www.mozilla....1/releasenotes/
June 23, 2017
Fixed: Problems with Gmail (folders not showing, repeated email download, etc.) introduced in version 52.2.0.

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/
 

:ninja:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#71 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 17 August 2017 - 06:08 PM

FYI...

Thunderbird 52.3.0 released
- https://www.mozilla....0/releasenotes/
Aug 16, 2017
Fixed:
- Unwanted inline images shown in rogue SPAM messages
- Deleting message from the POP3 server not working when maildir storage was used
- Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later
- Inline images not scaled to fit when printing
- Selected text from another message sometimes included in a reply
- No authorisation prompt displayed when inserting image into email body although image URL requires authentication
- Large attachments taking a long time to open under some circumstances

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla....hunderbird/all/

> https://www.mozilla....es/mfsa2017-20/
Critical:
CVE-2017-7800: Use-after-free in WebSockets during disconnection
CVE-2017-7801: Use-after-free with marquee during window resizing
CVE-2017-7779: Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3, and Thunderbird 52.3
___

- https://www.us-cert....Security-Update
Aug 21, 2017
 

:ninja:


Edited by AplusWebMaster, 21 August 2017 - 07:41 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#72 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 12 October 2017 - 05:09 AM

FYI...

Thunderbird 52.4.0 released
- https://www.mozilla....0/releasenotes/
Oct 6, 2017

New: In Thunderbird 52 a new behavior was introduced for replies to mailing list posts: "When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header". A new preference mail.override_list_reply_to allows to restore the previous behavior.
Fixed:
- Under certain circumstances (image attachment and non-image attachment), attached images were shown truncated in messages stored in IMAP folders not synchronised for offline use.
- IMAP UIDs > 0x7FFFFFFF not handled properly
- Various security fixes*

* https://www.mozilla....thunderbird52.4
Oct 9, 2017
> https://www.mozilla....es/mfsa2017-23/
Critical:
CVE-2017-7810: Memory safety bugs fixed in Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Addons: https://addons.mozil...US/thunderbird/

Download
- https://www.mozilla....hunderbird/all/
___

> https://www.us-cert....Security-Update
Oct 11, 2017
 

:ninja:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#73 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 24 November 2017 - 07:34 AM

FYI...

Thunderbird 52.5.0 released
- https://www.mozilla....0/releasenotes/
Nov 23, 2017
New: Better support for Charter/Spectrum IMAP: Thunderbird will now detect Charter's IMAP service and send an additional - IMAP select command to the server. Check the various preferences ending in "force_select" to see whether auto-detection has discovered this case.
Fixed:
- In search folders spanning multiple base folders clicking on a message sometimes marked another message as read
- IMAP alerts have been corrected and now show the correct server name in case of connection problems
- POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found
- Various security fixes:
- https://www.mozilla....thunderbird52.5

> https://www.mozilla....es/mfsa2017-26/
Critical:
CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Addons: https://addons.mozil...US/thunderbird/

Download
- https://www.mozilla....hunderbird/all/
 

:ninja: :ninja:


Edited by AplusWebMaster, 25 November 2017 - 11:19 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#74 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 22 December 2017 - 08:10 PM

FYI...

Thunderbird 52.5.2 released
- https://www.mozilla....2/releasenotes/
Dec 22, 2017
What’s New:
 Fixed: This releases fixes the "Mailsploit" vulnerability and other vulnerabilities detected by the "Cure53" audit. For details and various other security fixes see here*.
* https://www.mozilla....underbird52.5.2
...
> https://www.mozilla....es/mfsa2017-30/
Critical
CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9

Automated Updates: https://support.mozi...ing-thunderbird
Manual check: Go to >Help >About Thunderbird

Addons: https://addons.mozil...US/thunderbird/

Download
- https://www.mozilla....hunderbird/all/
___

- https://www.us-cert....ate-Thunderbird
Dec 25, 2017
___

- https://www.security....com/id/1040123
CVE Reference: CVE-2017-7829, CVE-2017-7845, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848
Jan 8 2018
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof the sender's email address.
Solution: The vendor has issued a fix (52.5.2).
The vendor advisory is available at: https://www.mozilla....es/mfsa2017-30/
 

:ninja: :ninja:


Edited by AplusWebMaster, 17 January 2018 - 10:16 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#75 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 27 January 2018 - 10:53 AM

FYI...

Thunderbird 52.6.0 released
- https://www.mozilla....0/releasenotes/
Jan 25, 2018
What’s New
 Fixed: Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found.
 Fixed: Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices
 Fixed: Calendar: Unintended task deletion if numlock is enabled
 Fixed: Various security fixes*
* https://www.mozilla....thunderbird52.6
... Fixed in Thunderbird 52.6
- https://www.mozilla....es/mfsa2018-04/
CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
Critical
CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6
Critical
___

- https://www.us-cert....ate-Thunderbird
Jan 25, 2018
 

:ninja: :ninja:


Edited by AplusWebMaster, 27 January 2018 - 11:05 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.




Member of UNITE
Support SpywareInfo Forum - click the button