[German]Mozilla's developers have released the email client Thunderbird version 60.5.1. This is an important maintenance update which fixes some vulnerabilities and bugs. Here is some information about it.
German blog reader Ralf pointed out the new release in this comment (thanks for that). I just started the update search in Thunderbird, and got the update offered.
According to the release notes the CalDav access for some servers, which did not work so far, was patched. Furthermore, some highly rated vulnerabilities from this list have been fixed.
- CVE-2018-18356: Use-after-free in Skia
- CVE-2019-5785: Integer overflow in Skia
- CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
- CVE-2018-18509: S/MIME signature spoofing
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. However, the following issues have not yet been resolved:
-
Due to changes in the Mozilla platform profiles stored on Windows network shares addressed via drive letters are now addressed via UNC
-
Chat: Twitter not working due to API changes at Twitter.com