Several vulnerabilities discovered in the famous mail client

Jul 19, 2007 11:54 GMT  ·  By

Mozilla Thunderbird, the famous email client, might get the users into trouble because several security flaws were discovered and confirmed by the parent company. Some of them are also affecting Firefox, the browser created by the same firm but they were already fixed in the 2.0.0.5 release rolled out yesterday. However, we're still waiting for a new update of Thunderbird in order to remain secure while sending and receiving email messages. Mozilla flagged the flaws as critical, saying that Thunderbird 2.0.0.5 expected to be released these days will fix all of them.

"Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images," Mozilla wrote in the security notification.

According to the alert, a malicious JavaScript can crash the email client without saving the data or any email process in action. As you can see, you're advised to avoid using JavaScript in emails in order to remain secure and reduce the possibility of a successful exploitation of the security flaw.

Thunderbird is surely one of the most popular email clients on the Internet because it is powered by Mozilla, the same creator of the famous browser Firefox. Just like this application, Thunderbird includes support for themes, extensions and other plug-ins that enable you to customize the appearance and the functionality of the program.

This way the user can configure most of the Thunderbird elements and obtain maximum performance from it. If you want to download the latest version of Thunderbird, you can take it straight from Softpedia.