Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thunderbird 91.5.0 fixes several security issues
[Image: thunderbird-91.5.0.webp]

Thunderbird 91.5.0 Stable is a security update that addresses several issues in the open source email client.The new version of Thunderbird Stable is already available. It is pushed to user systems, provided that automatic updating has not been disabled.

Thunderbird users may run manual checks for updates to install the update early. Select Help > About Thunderbird to display the installed version and have Thunderbird run a check for updates manually. Users who don't see the menubar need to press the Alt-key on the keyboard to display it.

The official release notes list just three entries: two refer to fixed issues in the email client, one links to the security advisories page, which details the fixed security issues in the client.

The two non-security issues that were fixed address a display issue for RSS keyword labels and missing information on Thunderbird's about dialog page.

The security advisories page for Thunderbird 91.5 lists 14 security issues, many of which come from the code that Thunderbird shares with the Firefox web browser.

The highest severity rating of all vulnerabilities is high, second only to the critical rating. Here is the full list of security issues patched in the new Thunderbird version:
  1. CVE-2022-22746: Calling into reportValidity could have lead to fullscreen window spoof
  2. CVE-2022-22743: Browser window spoof using fullscreen mode
  3. CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
  4. CVE-2022-22741: Browser window spoof using fullscreen mode
  5. CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
  6. CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
  7. CVE-2022-22737: Race condition when playing audio files
  8. CVE-2021-4140: Iframe sandbox bypass with XSLT
  9. CVE-2022-22748: Spoofed origin on external protocol launch dialog
  10. CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event
  11. CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
  12. CVE-2022-22747: Crash when handling empty pkcs7 sequence
  13. CVE-2022-22739: Missing throttling on external protocol launch dialog
  14. CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5
Now You: do you use Thunderbird? What would you like to see supported?
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • ismail

Forum Jump:

Users browsing this thread: 1 Guest(s)
You have to register before you can post on our site.



Recent Posts
Kaspersky: we’re starting a new digital ...
Meet the new Ka...harlan4096 — 15:44
GFYI [Official] Steganos VPN Online Shi...
Congrats to all winn...damien76 — 09:03
GFYI [Official] Backup4all Professional...
Congrats to all winn...damien76 — 09:02
GFYI [Official] Steganos VPN Online Shi...
We are pleased to an...jasonX — 10:33
GFYI [Official] Backup4all Professional...
We are pleased to an...jasonX — 09:59

Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (51)isyqop
avatar (41)AntoineLer
avatar (35)prefenouff
avatar (36)emogig
avatar (38)Isabelle88Nes
avatar (38)ferpuMip
avatar (35)kinotExaro
avatar (47)HerbertPab
avatar (44)Susanskymn
avatar (38)stepaRurry
avatar (34)torieyang
avatar (43)MichaelPlaup
avatar (36)JasonSoult
avatar (33)hyxamuc

Online Staff
There are no staff members currently online.