Saturday, January 3, 2009

Thunderbird Fixes Seven Vulnerabilities

A new version of Mozilla's email application Thunderbird was released last Wednesday to fix seven flaws, five of which were rated as moderate.

Thunderbird 2.0.0.19 addressed a vulnerability titled XSS and JavaScript privilege escalation, which involves XBL binding and can be used to "violate the same-origin policy and execute arbitrary JavaScript within the context of a different website," according to a Mozilla press release.

Another flaw, XMLHttpRequest 302 response disclosure, could have allowed sensitive data on a machine to be revealed.

However, the "cross-domain data theft via script redirect error message" may be the flaw that could have potentially caused the most damage. Had it been left unfixed, it could have been used by a malicious website to steal private data from users on a redirected website.

The five moderate flaws were the same ones fixed in the latest Firefox browser update last month, which appeared to be a response to the security issues IE was experiencing with its Zero Day flaw.
