{"id":4790,"date":"2018-01-27T00:05:00","date_gmt":"2018-01-26T23:05:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=4790"},"modified":"2024-10-03T00:27:31","modified_gmt":"2024-10-02T22:27:31","slug":"thunderbird-52-6-0-security-update","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/01\/27\/thunderbird-52-6-0-security-update\/","title":{"rendered":"Thunderbird 52.6.0 security update"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2012\/07\/Mozilla.jpg\" align=\"left\">[<a href=\"https:\/\/web.archive.org\/web\/20240104095650\/https:\/\/www.borncity.com\/blog\/2018\/01\/26\/thunderbird-52-6-0-sicherheitsupdate\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Mozilla developers have released version 52.6.0 of the Thunderbird email client. Thunderbird users should update promptly as the client is vulnerable to multiple vulnerabilities. <\/p>\n<p><!--more--><\/p>\n<p>I just got the update request to Thunderbird to version 52.6.0 a day ago, see the following screen shot. <\/p>\n<p><img decoding=\"async\" title=\"Thunderbird 52.6.0\" alt=\"Thunderbird 52.6.0\" src=\"https:\/\/i.imgur.com\/KYYvTNn.jpg\"><\/p>\n<p>According to the <a href=\"https:\/\/www.mozilla.org\/en-US\/thunderbird\/52.6.0\/releasenotes\/?buildid=20180123185941&amp;locale=de&amp;os=WINNT&amp;uri=\/thunderbird\/releasenotes\/&amp;version=52.6.0\" target=\"_blank\" rel=\"noopener\">release notes<\/a> the mail client is available for <\/p>\n<p>\u2022 Window: Windows XP, Windows Server 2003 or later<br \/>\u2022 Mac: Mac OS X 10.9 or later<br \/>\u2022 Linux: GTK+ 3.4 or higher  <\/p>\n<h2>Critical security vulnerabilities closed<\/h2>\n<p>This <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5095\" target=\"_blank\" rel=\"noopener\">Advisory<\/a> lists several critical vulnerabilities, that has been closed in Thunderbird Version 52.6.0:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5095\" target=\"_blank\" rel=\"noopener\">CVE-2018-5095: Integer overflow in Skia library during edge builder allocation<\/a>,\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5096\">CVE-2018-5096: Use-after-free while editing form elements<\/a>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5097\">CVE-2018-5097: Use-after-free when source document is manipulated during XSLT<\/a>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5098\">CVE-2018-5098: Use-after-free while manipulating form input elements<\/a>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5099\">CVE-2018-5099: Use-after-free with widget listener<\/a>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5102\">CVE-2018-5102: Use-after-free in HTML media elements<\/a>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5103\">CVE-2018-5103: Use-after-free during mouse event handling<\/a>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5104\">CVE-2018-5104: Use-after-free during font face manipulation<\/a>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5117\">CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right<\/a>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5103\">CVE-2018-5103: Use-after-free during mouse event handling<\/a>\n<li><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2018-04\/#CVE-2018-5089\">CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6<\/a><\/li>\n<\/ul>\n<p>Generally, however, these vulnerabilities cannot be exploited by email in the Thunderbird product because scripts are disabled when reading email. However, these vulnerabilities are potentially risky in browser or browser-like contexts.<\/p>\n<h2>Other fixes<\/h2>\n<p>The <a href=\"https:\/\/www.mozilla.org\/en-US\/thunderbird\/52.6.0\/releasenotes\/?buildid=20180123185941&amp;locale=de&amp;os=WINNT&amp;uri=\/thunderbird\/releasenotes\/&amp;version=52.6.0\" target=\"_blank\" rel=\"noopener\">changelog<\/a> enlists the following additional fixes. <\/p>\n<ul>\n<li>\n<p>Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found. <\/p>\n<li>\n<p>Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices.<\/p>\n<li>\n<p>Calendar: Unintended task deletion if numlock is enable. <\/p>\n<\/li>\n<\/ul>\n<p>I updated my Thunderbird portable without issues. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Mozilla developers have released version 52.6.0 of the Thunderbird email client. Thunderbird users should update promptly as the client is vulnerable to multiple vulnerabilities.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[69,1239,195],"class_list":["post-4790","post","type-post","status-publish","format-standard","hentry","category-update","tag-security","tag-thunderbird","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4790","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=4790"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4790\/revisions"}],"predecessor-version":[{"id":35319,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4790\/revisions\/35319"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=4790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=4790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=4790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}