Linux News Today: Mozilla Releases Thunderbird 38.4.0 to Patch High and Critical Security Issues
Mozilla announced the release of a new maintenance version of the popular, open source, and cross-platform Mozilla Thunderbird 38 email and news client for all supported operating systems, including GNU/Linux, Mac OS X, and Windows.
According to the release notes, the Mozilla Thunderbird 38.4.0 release is here to fix multiple high and critical security vulnerabilities that have been either discovered by various Mozilla hackers or reported by users since the previous version of the open-source software.
Among the critical vulnerabilities patched in Mozilla Thunderbird 38.4.0, we can mention memory corruption issues in the NSPR (Netscape Portable Runtime) and NSS (Network Security Services) components, various memory safety hazards, as well as a few security flaws discovered through code inspection.
Five high-impact vulnerabilities were patched as well
Furthermore, a buffer overflow that occurred during image interactions in canvas has been fixed, a bypass of CORS (Cross-Origin Resource Sharing) preflight related to non-standard Content-Type headers was resolved, and a bypass of the same-origin policy issue, which occurred when trailing whitespaces were found in IP address hostnames, has been patched.
Last but not least, Mozilla Thunderbird 38.4.0 also addresses a moderated security vulnerability, where the mixed content WebSocket policy could bypass through workers. Also, users can now move multiple messages from a maildir folder to an mbox one.
Download Mozilla Thunderbird 38.4.0 for GNU/Linux, Mac OS X, and Microsoft Windows operating systems right now from Softpedia. All users are urged to update their Mozilla Thunderbird clients to the new version as soon as possible via the built-in updater.