[German]On June 20, 2019 the Thunderbird developers released an update of the email client Thunderbird to version 60.7.2. This is a security update that closes critical vulnerabilities. Here is some information about it.
Advertising
German blog reader MGC pointed out the update in this comment (thanks for that) – but I haven't had the time to publish an article. Today I checked Thunderbird on my system. The update was detected during an update search in Thunderbird Portable and installed without any issues.
The changes can be found in the Release Notes. The update fixes the following vulnerabilities, some of which are rated "high":
- CVE-2019-11707: Type confusion in Array.pop: critical; A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in
Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. - CVE-2019-11708: sandbox escape using Prompt:Open: high; Insufficient vetting of parameters passed with the
Prompt:OpenIPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.
Known issues are: Due to changes in the Mozilla platforms stored on Windows network profiles, shares addressed by drive letters are now addressed by UNC and chat: Twitter does not work because the API on Twitter.com has been changed.
Thunderbird is available for Window: Windows 7, Windows Server 2008 R2 or higher; Mac: Mac OS X 10.9 or higher and Linux: GTK+ 3.4 or higher available (see). You can download it here.
Advertising
