Thunderbird Fixes Not Reassuring

Mozilla offers fixes for a nonexistent version of its possibly neglected e-mail client, Thunderbird.

When Firefox 2..0.0.12 came out on Feb. 7, it brought with it fixes for three critical security holes and seven others that were not quite so serious. According to the security advisories, many of these problems were also fixed in the Thunderbird e-mail client. Unfortunately, there is no Thunderbird 2..0.0.12.

The Mozilla Foundation's press release focused on the Firefox security fixes. The Foundation also reported, though, in its MFSA (Mozilla Foundation Security Advisory), that these same bugs had been fixed in the fictitious Thunderbird

Specifically, the following critical security advisories were reported to be fixed in both Firefox and Thunderbird: MFSA 2008-01 (crashes with evidence of memory corruption) and MFSA 2008-03 (privilege escalation, XSS, remote code execution). In addition, the serious security bug MFSA 2008-05 (directory traversal via chrome: URI) and moderate security bug MFSA 2008-08 (file action dialog tampering) are reported to have been fixed in the nonexistent Thunderbird

Read the full story on