Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thunderbird 102.5.1 fixes a security issue in the email client
#1
Information 
Quote:Thunderbird 102.5.1 is a security update for the open source email client that patches a single security issue in the application. The new version of Thunderbird includes several non-security fixes and a Mail extension API update.

[Image: thunderbird-102.5.1.png]

Thunderbird 102.5.1 is already available. Existing users may speed up the installation of the update by selecting Menu > Help > About Thunderbird.

The email client displays the current version and runs a check for updates. Any update found may then be installed to resolve the security issue the non-security issues.

Thunderbird 102.5.1The single security issue that affects previous versions of Thunderbird has a severity rating of moderate. The official security notice reveals that it could result in the loading of remote content in Thunderbird, even if remote content is blocked by default in the email client.
 
Quote:CVE-2022-45414: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content

The leak requires quite a few conditions and is likely the reason why it has been rated moderate. Users would have to reply HTML emails or quote them using other means, and the HTML email needed to contain either a Video tag with the Poster attribute or an Object tag with a Data attribute, for the leaking to occur.

Thunderbird 102.5.1 addresses two non-security issues as well. The first displayed the calendar picker "behind" the Send Later window. The second issue omitted the copy to again menu after copying a message to a folder with an unicode name on an unicode-enabled IMAP server.

The new Thunderbird release includes a number of WebExtension API defects that were uplifted from development versions of the email client. Thunderbird extension developers may want to check the list on Bugzilla for a full rundown.

Here is the link to the official release notes of Thunderbird 102.5.1 for those interested.

Thunderbird 102 users may want to install the update as soon as possible, even though it seems unlikely that the issue is exploited on scale.

Now You: which version of Thunderbird do you run, if any?
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • ismail
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>