Softpedia >News >Microsoft >Windows Software
Softpedia Homepage   

Mozilla Thunderbird 60.7.1 Released

New version of the email client now available

Jun 14, 2019 09:05 GMT  ·  By
Mozilla Thunderbird getting new security patches
   Mozilla Thunderbird getting new security patches

Mozilla has released a new update for Thunderbird email client on the supported desktop platforms, namely Windows, Linux, and macOS.

Thunderbird continues to be one of the top email clients on all these operating systems, despite the majority of updates shipped by Mozilla bringing nothing else than bug fixes and small refinements here and there.

This is also the case of Thunderbird 60.7.1, which includes just two different improvements, comes with a fix for a bug removing the prompt for smartcard PIN when S/MIME signing was used.

Needless to say, this isn't something that you might experience if you're a home user, but refinements like this are always welcome especially because they improve the overall reliability of the app.

On the other hand, there are several important security fixes, as listed below:  

CVE-2019-11703: Heap buffer overflow in icalparser.c
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11704: Heap buffer overflow in icalvalue.c
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11705: Stack buffer overflow in icalrecur.c
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11706: Type confusion in icalproperty.c
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.
  The heap and buffer overflow bugs can lead to a potentially exploitable crash, whereas the type confusion issue can only close the app with no further possible damage. The first three CVEs mentioned above have received a high severity rating, while the fourth has a low impact.

There are two issues in this release, but both of them exist in the previous builds too. First of all, the Twitter module no longer works because of API changes on the service, and second of all, profiles stored on Windows network shares are accessible via UNC not with drive letter.

You can download Mozilla Thunderbird for Windows, Linux, and Mac using these links.