Thunderbird 68.4.1 is a security update

[harlan4096]

Thunderbird 68.4.1 was released a couple of days ago. The new version is a security update for the email client that patches a security vulnerability that is exploited in the wild as well as other security issues in the program.

Thunderbird users who are running a 68.x version of the email client should receive the update automatically provided that automatic updating has not been turned off in the client. A manual check for updates via Help > About Thunderbird in the client should pick up the new update right away so that it can be installed.

As far as security is concerned, Thunderbird 68.4.1 fixes a total of seven different security vulnerabilities; one of them rated critical, the highest severity rating, others high or moderate, the second and third highest severity rating available.

1. CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
2. CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
3. CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
4. CVE-2019-17017: Type Confusion in XPCVariant.cpp
5. CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
6. CVE-2019-17022: CSS sanitization does not escape HTML tags
7. CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1

The critical security vulnerability is the same that Mozilla patched earlier this month in Firefox. Since Thunderbird relies on Firefox code, it is often affected by issues that affect the web browser.

Thunderbird 68.4.1 comes with improvements in regards to setting up Microsoft Exchange servers. The development team lists better support for IMAP/SMTP, better detection of Office 365 accounts, and re-run configuration after password change.

The new version of the email client fixes five issues that were detected in previous versions of the application:

* Fixed an issue that prevented attachments with at least one space in the name to be opened under certain circumstances.
* Fixed an issue that showed garbled content in the message display pane after changing view layouts under certain circumstances.
* Fixed an issue that caused tags to be lost in shared IMAP folders under certain circumstances.
* Theme changes to "achieve 'pixel perfection'".
* Fixed the event attendee dialog in calendar.

Thunderbird users who run Thunderbird 68.x and have not updated yet to the new version are encouraged to do so right away to protect the client from attacks.

Now You: Which email client do you use currently and why?
...

Continue Reading