On March 25, 2019, the Mozilla developers have released the email client Thunderbird version 60.6.1. This is a maintenance update which closes security gaps. Here is some information about it.
Advertising
The changes can be found in the release notes. They fixed the two following vulnerabilities mentioned within this security advisory:
- CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information: Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
- CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations: ncorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.
The vulnerabilities are classified as critical – users should update the Thunderbird as soon as possible. The following issues has not been fixed:
- Due to changes in the Mozilla platform profiles stored on Windows network shares addressed via drive letters are now addressed via UNC.
- Chat: Twitter not working due to API changes at Twitter.com.
Thunderbird is available for Window: Windows 7, Windows Server 2008 R2 or later, macOS 10.9 or later and Linux: GTK+ 3.4 or later (see). Thanks to Mike for the tip.
