[German]Mozilla’s developers have released the email client Thunderbird version 60.5.1. This is an important maintenance update which fixes some vulnerabilities and bugs. Here is some information about it.
German blog reader Ralf pointed out the new release in this comment (thanks for that). I just started the update search in Thunderbird, and got the update offered.
- CVE-2018-18356: Use-after-free in Skia
- CVE-2019-5785: Integer overflow in Skia
- CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
- CVE-2018-18509: S/MIME signature spoofing
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. However, the following issues have not yet been resolved:
Due to changes in the Mozilla platform profiles stored on Windows network shares addressed via drive letters are now addressed via UNC
Chat: Twitter not working due to API changes at Twitter.com