Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Audio & Video Business Center Cameras Cell Phones & PDAs Desktop PCs Gadgets Gaming HDTV Laptops Macs & iPods Monitors Printers Software Spyware & Security Storage Upgrading Windows Vista & XP
Resource Centers
Asus Notebook Center
Intel Technology Center
CDW Solution Center
Lenovo Laptop Showcase
Try It Free
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Today at PC World
Today @ PC World
News, opinion, and links from the PC World staff.
Recent entries in this blog:
Saturday, July 21, 2007 1:36 PM PT Posted by Stuart Johnston

Thunderbird 'IE' Fix

The Mozilla organization has released an update to its Thunderbird 2.x e-mail client that fixes two critical security holes. These same fixes were also recently implemented in Firefox 2.0.0.5.

At that time, one of these holes generated a bit of controversy when researchers found an exploit that could take advantage of apparent flaws in both Firefox and Internet Explorer in a play to take over a user's PC remotely. (I discussed this at the time in an earlier posting.)

The two parties had a somewhat public row over whose problem it was.

The folks at Mozilla responded quickly and patched their end of the hole.

Microsoft is still saying that there's no bug that needs to be patched in IE at all. (I suspect, however, Microsoft will quietly come out with some kind of patch in the next few months that will fix or somehow mitigate the problem.)

It does seem logical that any time you have an interaction between two programs, especially ones involved in communications on the Web ? for example, one browser providing services to another ? what security researchers call the "attack surface" ? the number of possibly exploitable programming interfaces left exposed for another program to try to use to gain entry -- is expanded.

So we're likely to see more security flaws discovered in the near future that are based on unfortunate synergies between two or more programs interacting, especially involving IE.

Luckily, despite its "zero-day" status, there haven't been any reported attacks "in the wild" based on this hole so far. But as always, it's especially important to stay up to date on security fixes.

You can get the Thunderbird 2.0.0.5 update for Windows, Mac, and Linux from its download site.

If you already have Thunderbird 2.0.0.x, you should receive an automated update notification, according to Mozilla's alert.

You can learn more about the security fixes in Thunderbird 2.0.0.5 at Mozilla's security advisories page.

One other thing: The security vulnerabilities fixed in Thunderbird 2.0.0.5 don't impact you if you use Thunderbird 1.5.0.x so there's no update needed for Thunderbird 1.5.0.x series users.

Comments
Post a comment Post a comment
Recent Posts
More Bad News for Blu-Ray
McCain Pushes Fair Use on YouTube
Firefox Update Enters Beta
Googling Is Good For Your Brain
Apple vs. the Economy: Can the New Macs Really Sell?
Motorola, Verizon Deliver ZN4 Touch-Screen: Krave
Pimp Your Flip Mino with Customizable Designs
Archives
View posts from:
 

PC World's Marketplace

PC World's Free Whitepapers

QUICK LINKS: cheap laptops cell phones laser printers HDTV reviews LCD TV Plasmas digital cameras laptop reviews security antivirus windows vista reviews digital camera reviews inexpensive desktop LCD wide screen monitors
tech news tech blogs community & forums laptop prices software reviews downloads
About UsContact UsAdvertiseASME GuidelinesNewslettersFAQIDG InternationalMagazine Customer Service
© 1998-2008, PC World Communications, Inc.Terms of Service AgreementPrivacy PolicyCommunity Standards
RSS FeedsXML

Visit other IDG sites: