Cyber security news for all


    Several vulnerabilities in Thunderbird could be a danger in browser contexts

    In the current Thunderbird Advisory, the developers note that the misuse of the gaps in the email client is normally not possible because scripting is deactivated by default when reading an email. Nevertheless, they could pose a danger in browser like contexts. Regardless of these restrictions, users should play it safe and check whether Thunderbird is up to date.

    2 Bug Errors That Damage Data Values

    CVE-2020-6819 and CVE-2020-6820 are free bug errors that allow the description of released memory areas. This can lead to program crashes and unexpected data values ​​or any code can be executed.

    The new Thunderbird edition also brings new features and improvements, which mostly concern extensions. Add-ons are now updated automatically. Mail extensions can now access the raw data of a message. The function message can now mark mail as junk or no junk.

    A Security Vulnerability Is Particularly Noticeable

    If previously saved mailbox passwords were only saved with a master password after an update to the new version, an outdated password file was still found in the profile folder unsecured.

    Version 68.6 also includes two bug fixes. On the one hand, a bug in the search of message texts in certain HTML emails was fixed. On the other hand, the retrieval of new emails now also works with accounts that use authentication. Two minor innovations are also available. A pop-up window now opens when a new profile is started and Thunderbird now offers partial updates, which leads to smaller downloads.

    Overall, the security risk is considered critical. It can be assumed that all previous editions are threatened and all operating systems are affected.

    In a warning message, Mozilla confirms that the vulnerabilities cannot be exploited by simply receiving an email. This is because scripting is turned off by default. Rather, it could be dangerous in a browser like context.

    Recent Articles

    Russian Cybercriminal Behind “Cardplanet” Site Sentenced

    According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has...

    Hackers Used Malicious Docker Images to Mine Monero

    Researchers found malicious images on Docker Hub used for crypto mining. Palo Alto Networks' Unit  42, unraveled a crypto mining scheme which uses malicious Docker...

    NSA outlines requirements for secure collaboration services for US government telework

    The new National Security Agency (NSA) guidelines are a window of security for users. Everyone has been trying to return to their lives since...

    Cybercriminals threaten to sell off “scandalous” files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles

    There's no escaping these cybercriminals. In a recent case of "cyber-extortion," threat actors known as REvil, are threatening to expose celebrity "dirt." These threat actors...

    Twitter apologises for exposed customers data

    In what is described as a "data security incident," sensitive details of Twitter's customers were exposed. Unlike other cases of a breach which are...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox