Mozilla Messaging patches Thunderbird bugs
Mozilla Messaging Thursday patched five bugs in its Thunderbird e-mail client
to fix flaws that were disclosed more than a month ago.
Thunderbird 2.0.0.14 patches vulnerabilities in the Firefox
engine, which the open-source e-mailer uses to render HTML. The same holes were
closed in late March for the Mozilla Web browser.
The bugs, which could be exploited by rogue JavaScript, had gone
unfixed in Thunderbird because of resource shortages at the Mozilla spinoff,
according to comments made at the time by its CEO, David Ascher. "Some
of those resource contentions are due to not enough automation for the Thunderbird
release process, and some of it is the consequence of not enough people with
the right training," he said then.
Rather than delay updates to Firefox users -- who greatly outnumber those who
use Thunderbird -- Mozilla instead decided not to wait until Thunderbird's fixes
could be crafted.
Mozilla Messaging rated Thursday's vulnerabilities as "Moderate,"
the second level in its four-step threat-ranking system, even though they were
originally labeled as "Critical" when patched in Firefox.
"Thunderbird shares the browser engine with Firefox and could be vulnerable
if JavaScript were to be enabled in mail," Mozilla said in the security
advisories that accompanied Thursday's update. "This is not the default
setting and we strongly discourage users from running JavaScript in mail."
Thunderbird 2.0.0.14 can be downloaded from the Mozilla
site in versions for Windows, Mac
OS X and Linux. People running the e-mail client can call up its built-in
updater or wait for the automatic update notification, which typically appears
within 48 hours after a new version is added to Mozilla's servers.
Most of Mozilla Messaging attention is now on Thunderbird 3.0, which has yet
to release in its first
alpha version. The company has not committed to a release schedule for the
e-mail client's next major upgrade.
Mozilla Messaging is a subsidiary of the nonprofit Mozilla Foundation, and
was created last year as a companion to Mozilla
Corp., which develops Firefox, after Mitchell Baker, then the CEO of Mozilla
Corp., said her company would stop
development because it needed to focus on its browser. Baker seeded Mozilla
Messaging with US$3 million in start-up cash last September, and hired Ascher,
who had led the Python projects at ActiveState Software, a programming tools
developer in Vancouver, British Columbia.
» posted by abennett
Computerworld
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
