Search Perform an advanced search query SOFTPEDIA
 
SOFTPEDIA
Updated one minute ago
HomeSubmit a program for being reviewedAdvertise on our websiteGet help on surfing our websitesSend us your feedbackGet information about our XML/RSS backend and how to use itBrowse the news archiveVisit our discussion forumVizitati forumul in limba romana



KLIP
  1. HOME
  2. SCIENCE
  3. TECHNOLOGY
  4. WEBMASTER
  5. SECURITY
  6. MICROSOFT
  7. LINUX
  8. APPLE
  9. GAMES
  10. TELECOMS
  11. REVIEWS
  12. LIFE & STYLE
  13. EDITORIALS
  14. INTERVIEWS
  15. RSS
Welcome!
Hello, Guest

Login if you have a Softpedia.com account.

Otherwise, register for one.

ADVISORIES

Mozilla Thunderbird Needs Security Patch ASAP!

- Still waiting for a new version of the email client

By: Bogdan Popa, Security and Search Engines Editor

Mozilla Thunderbird, that popular email client designed by the same company that created Firefox, is again vulnerable to attacks after a highly critical security flaw has been discovered in the version prior to 2.0.0.13. In fact, there’s no 2.0.0.13 version yet, but everybody expects it as it is supposed to fix all these glitches.

Security company Secunia rated the flaw as highly critical, adding
that "some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system." However, Secunia informs us that "the vulnerabilities will be fixed in the upcoming 2.0.0.13 version," so let’s wait a few more days for the new Thunderbird release.

Mozilla has already confirmed the series of vulnerabilities and provided a workaround in order to be used by the Thunderbird consumers until the new version of the email client is rolled out on the market: disable JavaScript. According to the Mozilla security notification, the glitches were reported by three contributors, namely moz_bug_r_a4, Boris Zbarsky, Johnny Stenback, an update being expected in the next few days.

"Additional vulnerabilities reported separately by Boris Zbarsky, Johnny Stenback, and moz_bug_r_a4 showed that the browser could be forced to run JavaScript code using the wrong principal leading to universal XSS and arbitrary code execution," Mozilla mentioned in the advisory.

Mozilla Thunderbird is quite a famous email client nowadays as it has attracted millions of downloads in every country in the world. For instance, the application has attracted more than 80,000 hits on Softpedia. If you want to download the latest version of this software solution, you can take it straight from our website using the following link.

More info about the security vulnerability spotted in Thunderbird can be found in the Mozilla security notification.

MORE RELATED ARTICLES: Mozilla Messaging, Out and About Users Urged to Install the Latest Mozilla Thunderbird Patch Gmail Now with IMAP Support! Mozilla Thunderbird Losing Its Control Completely
 
Comments | Link here | Subscribe
Print | Send to friend
Today's News | Yesterday's News

Search:

TAGS: mozilla thundebird security vulnerability

27th March 2008, 13:16 GMT | Copyright (c) 2008 Softpedia | Contact:
Read by 468 user(s) | Rating: | 2 vote(s) so far | Cast your vote:
Mozilla Thunderbird Needs Security Patch ASAP! - USER OPINIONS




We are sorry, there are no opinions available for this article.


SHARE YOUR OPINION ABOUT Mozilla Thunderbird Needs Security Patch ASAP!

Since you are not logged on, your comments will have to be approved before being displayed.
Click here to login, or register.
Your Name:
Your Email:
Type in the result:
Your Opinion:
 


DO YOU WANT TO CONTACT US?  

If you have some comments or you want to send us some information you can send us an email directly to .
You can use the form below for the same purpose.
Your full name: (at least 3 characters)
Your email address: (at least 5 characters)
Message subject: (at least 5 characters)
Message text:
(at least 10 characters)
Type in the result:
 
 
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.
Copyright Information | Privacy Policy | Terms of Use | Contact Softpedia | Update your software | Archive