Thunderbird 60.7.2 Security Release Available, Upgrade if you use Thunderbird
Users of the e-mail client Thunderbird from the Mozilla
foundation corporation should absolutely upgrade to this latest versions of Thunderbird which fixes two security issues, one of which is really bad: the right special e-mail gets to run arbitrary code on your computer.
Upgrading is specially important if you are using an older version of Thunderbird.
The second issue fixed in Thunderbird 60.7.2 is more serious. It is described as:
"Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer."
The when combined with additional vulnerabilities part is somewhat concerning given the really long list of security-issues fixed in Thunderbird 60.7 and 60.7.1. Upgrading to a newer version of Thunderbird is specially important if you are using an older version like 60.5.1. The e-mail client crashing when you open a special bad e-mail is not good and the e-mail running random code on your machine is even worse.
You can find an overview of all the security problems with Thunderbird 60 since it's release in August, 2018 at https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
published 2019-06-22 - last edited 2019-06-22
Latest news headlines
- Linux Kernel 5.5 "Kleptomaniac Octopus" RC1 Is Released With Live Patching, Reworked Fair Scheduler And More
- Firefox 71 Released With Built-In MP3 Decoding, 12 Security Fixes and Some Breakage
- Systemd Opened Security Hole In Linux, VPNs Could Be Compromised
- Amazon Is Following Chinas Lead Towards a ARM Based Cloud Future
- Nvidia Could Be Changing Their Hostile Attitude Towards Free Software Drivers
- Mesa 19.3.0 Will Be Released Next Week
- Purism Announces US-Manufactured Librem 5 Model For $1999 USD
- Linux Kernel Could Support Automatic Closing Of CD/DVD Drive Trays On Mount (Again)
- Libxfce4ui 4.15.0 Is Released, Drops GTK2 Support
See the more archive for news headlines