Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Thunderbird is out - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Thunderbird is out

A new Thunderbird version,, has been released. This version fixes five (5) known vulnerabilities: 1 critical, 3 high and 1 moderate.

MFSA 2008-12 Heap buffer overflow in external MIME bodies
MFSA 2008-07 Possible information disclosure in BMP decoder
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-01 Crashes with evidence of memory corruption (rv:

We were told by the security people at Mozilla a couple of weeks ago, when Firefox was released, that this Thunderbird version contains security fixes that will never be fixed in a 1.5 version. So, if you're still running Thunderbird 1.X, it is time to update!

Thanks Jason for the heads up.

Raul Siles


Raul Siles

152 Posts
Feb 27th 2008

Sign Up for Free or Log In to start participating in the conversation!