A new version of the open-source Mozilla Thunderbird mail client has been released to fix at least six security vulnerabilities that could expose users to PC takeover attacks.
The most serious of the six vulnerabilities, a “critical” heap buffer overflow in external MIME bodies, could allow an attacker to execute arbitrary code with the privileges of the current user.
“When calculating the number of bytes to allocate for a heap buffer, sufficient space is not reserved for all of the data being copied into the buffer. This results in up to three bytes of the buffer being overflowed, potentially allowing for the execution of arbitrary code, according to an alert from iDefense, the company that reported the flaw to Mozilla.
Exploitation requires that an attacker social engineer a user into viewing a malicious message in Thunderbird. If the “View->Message Pane” option is turned on (in the “Preview” pane), which is the default, then all a targeted user has to do is select the message in the browsing pane.
Once the message is previewed, the vulnerability will be triggered, iDefense warned.
The flaw affects both Linux and Windows users.
Mozilla also documented a total of five additional issues that could lead for information disclosure, directory traversal, privilege escalation, cross-site scripting and remote code execution attacks.
The Thunderbird update also fixes several mail client crashes with evidence of memory corruption.
The latest Thunderbird update comes on the heels of the launch of Mozilla Messaging, the new mail focused subsidiary of the non-profit Mozilla Foundation
The primary focus of the Mozilla Messaging start-up is the development of Thunderbird 3, which promises integrated calendaring, better search and enhancements to the overall user experience.
AI thrives on data but feeding it the right data is harder than it seems. As enterprises scale their AI initiatives, they face the challenge of managing diverse data pipelines, ensuring proximity to insights, and supporting a growing range of workloads. In this episode, Corey Knowles speaks with Vrashank Jain, lead product manager for Dell’s AI Data Platform, about how businesses can overcome these hurdles with solutions that simplify data management, enhance performance, and unlock the full potential of their AI investments.
In this episode of eSpeaks, Jennifer Margles, Director of Product Management at BMC Software, discusses the transition from traditional job scheduling to the era of the autonomous enterprise.
eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly uncertain world. They explore how automation, AI, and integrated platforms are helping finance teams tackle today’s biggest challenges, from cross-border compliance and FX volatility to […]
-
Latest News - Resources Resource HubsFeatured ResourcesLink to The Real AI Power Play: Who Controls Your Enterprise Data Layer? The Real AI Power Play: Who Controls Your Enterprise Data Layer?IT and data teams were promised that AI would make work easier. Instead, it's created new layers of complexity.Link to Building the Backbone of Agentic AI with Trusted, Context-Rich Data Building the Backbone of Agentic AI with Trusted, Context-Rich DataIn this 10-minute take video, Reltio Principal Solutions Consultant Guy Vorster explains how organizations can overcome fragmented data challenges to power AI agents.Link to IHG scales real-time, trusted data across global brands IHG scales real-time, trusted data across global brandsAccelerating time to value while powering data-driven engagementLink to Dell’s Vrashank Jain on The Data Problem That Could Break Your AIDell’s Vrashank Jain on The Data Problem That Could Break Your AI
AI thrives on data but feeding it the right data is harder than it seems. As enterprises scale their AI initiatives, they face the challenge of managing diverse data pipelines, ensuring proximity to insights, and supporting a growing range of workloads. In this episode, Corey Knowles speaks with Vrashank Jain, lead product manager for Dell’s AI Data Platform, about how businesses can overcome these hurdles with solutions that simplify data management, enhance performance, and unlock the full potential of their AI investments.
Link to BMC’s Jennifer Margules on Intelligent Enterprise OrchestrationBMC’s Jennifer Margules on Intelligent Enterprise OrchestrationIn this episode of eSpeaks, Jennifer Margles, Director of Product Management at BMC Software, discusses the transition from traditional job scheduling to the era of the autonomous enterprise.
Link to Global-First Finance: Building Scalable, Compliant Operations in an Uncertain WorldGlobal-First Finance: Building Scalable, Compliant Operations in an Uncertain WorldeSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly uncertain world. They explore how automation, AI, and integrated platforms are helping finance teams tackle today’s biggest challenges, from cross-border compliance and FX volatility to […]
-
Artificial Intelligence -
Video -
Big Data & Analytics -
Cloud -
Networking - Cybersecurity Cybersecurity
- Applications Applications
- IT Management IT Management
- Storage Storage
- Mobile Mobile
- Small Business Small Business
- Development Development
- Database Database
- Servers Servers
- Android Android
- Apple Apple
- Innovation Innovation
- PC Hardware PC Hardware
- Reviews Reviews
- Search Engines Search Engines
- Virtualization Virtualization
-
- Blogs Blogs
- Events Events