[German]Mozilla's developers released an update of the email client Thunderbird to version 60.7.1 on June 13, 2019. This is a maintenance update which closes critical security gaps. Here is some information about it.
Advertising
German blog reader Ralf mentioned within this comment (thanks). I checked it on my system. The update was detected during an update search on the Thunderbird Portable and installed without complaint.
The changes can be found in the release notes. Things that are fixed now, are: No prompt for smartcard PIN when S/MIME signing is used. In addition, the following vulnerabilities, which are rated 'high', has been fixed:
- CVE-2019-11703: Heap buffer overflow in icalparser.c: high; A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in
parser_get_next_charwhen processing certain email messages, resulting in a potentially exploitable crash. - CVE-2019-11704: Heap buffer overflow in icalvalue.c: high; A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in
icalmemory_strdup_and_dequotewhen processing certain email messages, resulting in a potentially exploitable crash. - CVE-2019-11705: Stack buffer overflow in icalrecur.c: high; A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in
icalrecur_add_bydayruleswhen processing certain email messages, resulting in a potentially exploitable crash. - CVE-2019-11706: Type confusion in icalproperty.c: low; A flaw in Thunderbird's implementation of iCal causes a type confusion in
icaltimezone_get_vtimezone_propertieswhen processing certain email messages, resulting in a crash.
Known Issues are: Due to changes in the Mozilla platform profiles stored on Windows network shares addressed via drive letters are now addressed via UNC – and Chat: Twitter not working due to API changes at Twitter.com.
Advertising
