Thunderbird 68.9.0 released with security fixes

[German]The developers of the e-mail client Thunderbird released version 68.9.0 on June 3, 2020. This is a maintenance update for the 68 main version of the e-mail client, which corrects some bugs and fixes other vulnerabilities classified as high. So if you use this mail client, you should update it as soon as possible. 


Advertising

The reference to the new version already came from Gerold in a comment (thanks for that). Of course I tested immediately, and was offered the new version. During a quick check the update installed itself without any problems and I could not detect any errors. According to the release notes there are the following fixes for the new Thunderbird version:

  • Custom headers added for searching or filtering could not be removed
  • Calendar: Today Pane updated prior to loading all data
  • Stability improvements

In addition, several vulnerabilities were fixed in this version. These are classified as High, so the update should be installed.

  • CVE-2020-12399: Timing attack on DSA signatures in NSS library
  • CVE-2020-12405: Use-after-free in SharedWorkerService
  • CVE-2020-12406: JavaScript Type confusion with NativeTypes
  • CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0
  • CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to information leakage

A list of vulnerabilities that have been fixed can be found here. There are also explanations of the individual vulnerabilities.

System requirements

The system requirements for the different operating system versions (see also): 

  • Windows: Windows 7, Windows Server 2008 R2 or higher
  • Mac: Mac OS X 10.9 or higher
  • Linux: GTK+ 3.4 or higher

The download is available here. By the way, the Thunderbird is free.


Advertising


Advertising

This entry was posted in Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).