Linux News Today: Mozilla Releases Thunderbird 38.4.0 to Patch High and Critical Security Issues

Mozilla announced the release of a new maintenance version of the popular, open source, and cross-platform Mozilla Thunderbird 38 email and news client for all supported operating systems, including GNU/Linux, Mac OS X, and Windows.

According to the release notes, the Mozilla Thunderbird 38.4.0 release is here to fix multiple high and critical security vulnerabilities that have been either discovered by various Mozilla hackers or reported by users since the previous version of the open-source software.

Among the critical vulnerabilities patched in Mozilla Thunderbird 38.4.0, we can mention memory corruption issues in the NSPR (Netscape Portable Runtime) and NSS (Network Security Services) components, various memory safety hazards, as well as a few security flaws discovered through code inspection.

Five high-impact vulnerabilities were patched as well

In addition to the critical security vulnerabilities listed above, Mozilla Thunderbird 38.4.0 also addresses five high-impact issues, such as a memory corruption in the libjar library when dealing with zip archives, as well as a crash in the JavaScript garbage collection component with the Java applet.

Furthermore, a buffer overflow that occurred during image interactions in canvas has been fixed, a bypass of CORS (Cross-Origin Resource Sharing) preflight related to non-standard Content-Type headers was resolved, and a bypass of the same-origin policy issue, which occurred when trailing whitespaces were found in IP address hostnames, has been patched.

Last but not least, Mozilla Thunderbird 38.4.0 also addresses a moderated security vulnerability, where the mixed content WebSocket policy could bypass through workers. Also, users can now move multiple messages from a maildir folder to an mbox one.

Download Mozilla Thunderbird 38.4.0 for GNU/Linux, Mac OS X, and Microsoft Windows operating systems right now from Softpedia. All users are urged to update their Mozilla Thunderbird clients to the new version as soon as possible via the built-in updater.

Via Softpedia

Wagiman Wiryosukiro

Petani Sistem Informasi, tukang las plugin & themes Wordpress. Co-Founder SistemInformasi.biz. Saat ini aktif sebagai Developer & kontributor di OpenMandriva Linux.

You may also like...

%d bloggers like this: