Cyber security news for all

More

    Several vulnerabilities in Thunderbird could be a danger in browser contexts

    In the current Thunderbird Advisory, the developers note that the misuse of the gaps in the email client is normally not possible because scripting is deactivated by default when reading an email. Nevertheless, they could pose a danger in browser like contexts. Regardless of these restrictions, users should play it safe and check whether Thunderbird is up to date.

    2 Bug Errors That Damage Data Values

    CVE-2020-6819 and CVE-2020-6820 are free bug errors that allow the description of released memory areas. This can lead to program crashes and unexpected data values ​​or any code can be executed.

    The new Thunderbird edition also brings new features and improvements, which mostly concern extensions. Add-ons are now updated automatically. Mail extensions can now access the raw data of a message. The function message can now mark mail as junk or no junk.

    A Security Vulnerability Is Particularly Noticeable

    If previously saved mailbox passwords were only saved with a master password after an update to the new version, an outdated password file was still found in the profile folder unsecured.

    Version 68.6 also includes two bug fixes. On the one hand, a bug in the search of message texts in certain HTML emails was fixed. On the other hand, the retrieval of new emails now also works with accounts that use authentication. Two minor innovations are also available. A pop-up window now opens when a new profile is started and Thunderbird now offers partial updates, which leads to smaller downloads.

    Overall, the security risk is considered critical. It can be assumed that all previous editions are threatened and all operating systems are affected.

    In a warning message, Mozilla confirms that the vulnerabilities cannot be exploited by simply receiving an email. This is because scripting is turned off by default. Rather, it could be dangerous in a browser like context.

    Recent Articles

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox