Cyber security news for all


    Several vulnerabilities in Thunderbird could be a danger in browser contexts

    In the current Thunderbird Advisory, the developers note that the misuse of the gaps in the email client is normally not possible because scripting is deactivated by default when reading an email. Nevertheless, they could pose a danger in browser like contexts. Regardless of these restrictions, users should play it safe and check whether Thunderbird is up to date.

    2 Bug Errors That Damage Data Values

    CVE-2020-6819 and CVE-2020-6820 are free bug errors that allow the description of released memory areas. This can lead to program crashes and unexpected data values ​​or any code can be executed.

    The new Thunderbird edition also brings new features and improvements, which mostly concern extensions. Add-ons are now updated automatically. Mail extensions can now access the raw data of a message. The function message can now mark mail as junk or no junk.

    A Security Vulnerability Is Particularly Noticeable

    If previously saved mailbox passwords were only saved with a master password after an update to the new version, an outdated password file was still found in the profile folder unsecured.

    Version 68.6 also includes two bug fixes. On the one hand, a bug in the search of message texts in certain HTML emails was fixed. On the other hand, the retrieval of new emails now also works with accounts that use authentication. Two minor innovations are also available. A pop-up window now opens when a new profile is started and Thunderbird now offers partial updates, which leads to smaller downloads.

    Overall, the security risk is considered critical. It can be assumed that all previous editions are threatened and all operating systems are affected.

    In a warning message, Mozilla confirms that the vulnerabilities cannot be exploited by simply receiving an email. This is because scripting is turned off by default. Rather, it could be dangerous in a browser like context.

    Recent Articles

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox