2019
28.10
Thunderbird 68.2 – Critical vulnerabilities closed

Attackers could attack Thunderbird in several ways to crash the application or even execute malicious code. Mozilla has closed a total of nine vulnerabilities in the current issue of Thunderbird 68.2 for all operating systems.

In a warning message, the developers classify the security risk as “critical”. If you use the mail client, you should update it quickly. To do this under Windows, all you have to do is click “Help / About Thunderbird” in the menu. There you can see which output is installed. If this is not up to date, the update starts immediately. Over the majority of vulnerabilities, attackers could trigger storage errors in a variety of ways. This is a procedure to push and execute malicious code in memory registers. In this case, this works, for example, when Thunderbird processes a prepared XML input. Some of the loopholes are also found in the Mozilla browsers Firefox and Firefox ESR, which also received security updates.

back