Mozilla patched nine security vulnerabilities in Thunderbird.
Thunderbird 220.127.116.11, which was added to Mozilla’s download servers also quashes nine bugs, including one that was patched in Firefox last week, the company’s open-source browser. The remainder fix flaws that were first addressed in early July when Mozilla updated Firefox to version 18.104.22.168.
Seven of the nine bugs were rated moderate by Mozilla, the second-lowest of the four rankings in its threat system. The other two were low.
The bug patched in Thunderbird 23rd Jul that was fixed in Firefox before it was in the browser rendering engine’s CSSValue array data structure. According to Mozilla, the vulnerability could be used by hackers to force a crash, and from there, run malicious code. Several other just-patched Thunderbird vulnerabilities could also be used by attackers to execute code remotely.
Thunderbird 2.x, like its browser sibling, is on the way out. Most of Mozilla’s attention is now on Thunderbird 3.0, which has been available as an Alpha 1 preview for more than two months.
Users can download Thunderbird in versions for Windows, Mac OS X and Linux from the Mozilla site, the e-mail client’s built-in updater or wait for the automatic update notification.