Thunderbird Fixes Not Reassuring

By Steven J. Vaughan-Nichols  |  Posted 2008-02-11 Print this article Print

Mozilla offers fixes for a nonexistent version of its possibly neglected e-mail client, Thunderbird.

When Firefox 2..0.0.12 came out on Feb. 7, it brought with it fixes for three critical security holes and seven others that were not quite so serious. According to the security advisories, many of these problems were also fixed in the Thunderbird e-mail client. Unfortunately, there is no Thunderbird 2..0.0.12.

The Mozilla Foundation's press release focused on the Firefox security fixes. The Foundation also reported, though, in its MFSA (Mozilla Foundation Security Advisory), that these same bugs had been fixed in the fictitious Thunderbird

Specifically, the following critical security advisories were reported to be fixed in both Firefox and Thunderbird: MFSA 2008-01 (crashes with evidence of memory corruption) and MFSA 2008-03 (privilege escalation, XSS, remote code execution). In addition, the serious security bug MFSA 2008-05 (directory traversal via chrome: URI) and moderate security bug MFSA 2008-08 (file action dialog tampering) are reported to have been fixed in the nonexistent Thunderbird

Read the full story on 

I'm editor-at-large for Ziff Davis Enterprise. That's a fancy title that means I write about whatever topic strikes my fancy or needs written about across the Ziff Davis Enterprise family of publications. You'll find most of my stories in Linux-Watch, DesktopLinux and eWEEK. Prior to becoming a technology journalist, I worked at NASA and the Department of Defense on numerous major technological projects.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel