8/28/2023 0 Comments Thunderbird updates![]() Castellani explains in a blog post that Thunderbird is practically "a bunch of code running on top of Firefox". The tower is still standing, but it is difficult to replace parts that are no longer needed or need modernization. Product design manager Alessandro Castellani compared Thunderbird's current base to an "old, fragile LEGO tower". ![]() ![]() The dedicated team wants to improve Thunderbird in three main areas in the coming three years, beginning with this one: modernize the aging code base of the free email client, create an interface redesign, and start to release new versions of the email client on a monthly basis, similar to Firefox's release schedule. With both of these tasks accomplished, you should no longer be at risk from either CVE.The small team of developers plans to release Thunderbird 115, codename Supernova, in July 2023. By default, it's set to update manually, but you can select similar options to Firefox using the Advanced optionin the Updates tab. The update process for Thunderbird is much the same as Firefox. Check for updates but let you choose to install them.In Firefox, navigate to Settingsand then click General> Firefox Updates.įrom here, select the most suitable option from Allow Firefox to: As a result, you'll need to manually apply the update. ![]() If you don'thave Firefox or Thunderbird set to update automatically, the fix won't be present. This isn't the case for all installations, however. If this is the case, you should already have the security fixes applied and you have nothing to worry about. Most installations of Thunderbird and Firefox will be set to update by default. In this case, Mozilla says that untrusted user input was used in object indexing, leading to prototype pollution, which could have allowed an attacker to execute malicious JavaScript code in a privileged context. According to Mozilla, an attacker who was able to corrupt the methods of an Array object in JavaScript via prototype pollution, could have executed malicious JavaScript code in a privileged context.ĬVE-2022-1529is another critical prototype pollution vulnerability. The two issuescome with the following description:ĬVE-2022-1802is a critical prototype pollution vulnerability. At time of writing, the expected release date for this is May 31. The fix for this Tails issue may not be seen until at least version 5.1. This vulnerability doesn't break the anonymity and encryption of Tor connections. This vulnerability allows a malicious website to bypass some of the security built in Tor Browser and access information from other websites.įor example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session. This is because it could be potentially vulnerableto CVE-2022-1802: Users of the anti-surveillance Tails Operating Systemhave been warned to stop using the bundled Tor browser until a fix goes live. For users of Thunderbird, the vulnerability there is in relation to Thunderbird 91.9.91.Īdditionally, there is some fallout beyond the standard versions of Firefox and Thunderbird. The vulnerabilities, discovered in the Firefox JavaScript engine (shared by the Firefox-based Tor browser) relate to Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. Mozilla has published updates for two critical security issues in Firefox and Thunderbird, demonstrated during Pwn2Own Vancouver.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |