We recommend that you upgrade your Mozilla Thunderbird and Icedove packages. Click on the End-To-End Encryption tab from the left side menu to add your personal key. Then, click on the Account Settings menu. Click on the cog icon on the bottom of the left sidebar to open the Settings menu of Thunderbird. Have been fixed in version 1.5.0.9.dfsg1-1 of icedove. Once you have downloaded the latest version of Thunderbird, set up your email account on Thunderbird. For the stable distribution (sarge) these problems have been fixed in For the testing (etch) and unstable (sid) distribution these problems "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. To gain privileges and install malicious code via the watch If you are looking for a secure and feature-rich email client but are confused between the two most popular email clients, i.e., Mozilla Thunderbird and Outlook, continue reading this blog to learn the differences between the two email clients and get more clarity before you make your decision. "shutdown" discovered a vulnerability that allows remote attackers Several vulnerabilities in the JavaScript engine allow remote A bug in the js_dtoa function allows remote attackers to cause a Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: 1) Installing the S/MIME certificate in the personal certificate store 2) Importing the S/MIME certificate to Mozilla Thunderbird profile 3) Signing and. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox.
The Thunderbird 91.3 update, released on November 3, resolves a total of seven high impact vulnerabilities as well as three moderate severity flaws, as detailed in Mozilla’s advisory. Debian Security Advisory DSA-1258-1 mozilla-thunderbird - several vulnerabilities Date Reported: Affected Packages: mozilla-thunderbird Vulnerable: Yes Security database references: In the Bugtraq database (at SecurityFocus): BugTraq ID 21668. “This could lead to spoofing attacks on the browser UI (user interface) including phishing,” Mozilla warns. Mozilla addressed the problem by “disabling the Opportunistic Encryption feature”, which it reports has “low usage”. Another high impact vulnerability – tracked as CVE-2021-38506 – meant that Thunderbird could be forced into fullscreen mode without triggering any notification or warning to its user. “If a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP,” a security advisory by Mozilla explains. Security researcher Takeshi Terada discovered that the technology offers a means to bypass the same-origin policy (SOP) on services hosted on other ports. The seldom-used Opportunistic Encryption feature of HTTP/2 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection – including being same-origin with unencrypted connections on port 80. The vulnerability – more details on which can be found on the Bugzilla bug tracker – was discovered by security researcher Armin Ebert. A more subtle but likewise high-impact vulnerability (CVE-2021-38507) creates a means to bypass the privacy and integrity protections offered by secure HTTPS connections.
The CVE-2021-38503 vulnerability meant that iframe sandbox rules were not correctly applied to XSLT stylesheets, potentially allowing a malicious iframe to “bypass restrictions such as executing scripts or navigating the top-level frame”. Mozilla has updated its Thunderbird email client to resolve an array of security flaws, including four high-severity web security vulnerabilities. Multiple flaws in email client resolved with security update