Browser Security News

Users of Thunderbird are being urged to update to version 2.0.0.12 of the open source email client to close several security holes. In the new version, the Mozilla developers remedy five vulnerabilities, one of which is categorized as critical because attackers can inject malicious code by means of specially crafted e-mails – and all users need to do is open the e-mail.

Existing users of Thunderbird should be offered the upgrade when they launch the program or look for updates. The critical hole can be exploited by emails containing specially crafted attachments. If the attachment is MIME-encoded, Thunderbird may reserve insufficient memory, possibly causing a buffer overflow on the heap and allowing injected code to be executed. The flaw also affects the SeaMonkey suite. Five security vulnerabilities patched in Thunderbird - News - heise Security UK