Mozilla patches nine security flaws in Thunderbird

Posted by Christian Zibreg

Chicago (IL) - The hype surrounding recently released Firefox 3 web browser has left Mozilla's popular open-source email client Thunderbird without a significant update since early May. Nine serious security flaws that exposed Thunderbird users to various risks have been discovered since then, forcing Mozilla to briefly shift focus from Firefox in order to patch the email client.

Following the recent Firefox 2 and 3 updates, Mozilla has updated its free email client Thunderbird. The first Thunderbird updates since mid-May address nine security flaws and bugs that could lead to memory leaks, unexpected exits, remote execution of malicious code and other security threats.

Thunderbird 2.0.0.16 fixes a CSS reference counter flaw (also fixed in Firefox 3.1) vulnerability, which could lead to a crash and the execution of malicious code. Other security issues, including a block re-flow that could open doors to remote code execution, a spoofing problem and a bug that could lead to the execution of arbitrary code are now plugged.

Similarly to Firefox, Thunderbird was not immune to memory leaks and improper addressing or handling chunks of system memory. The update fixes and issue that can result in uninitialized memory being used.

Mozilla's security advisor explains each fixed issues in finer details. Given the number bugs that are now patched, Mozilla advises all Thunderbird users to update their software to the latest version, which available as a free download for PC, Mac and Linux users.