Changelog:
Fixed in Thunderbird 31.7
2015-57 Privilege escalation through IPC channel messages
2015-54 Buffer overflow when parsing compressed XML
2015-51 Use-after-free during text processing with vertical text enabled
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
CHangelog:
Fixed in Thunderbird 31.6
2015-40 Same-origin bypass through anchor navigation
2015-37 CORS requests should not follow 30x redirections after preflight
2015-33 resource:// documents can load privileged pages
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Changelog:
Fixed in Firefox/Thunderbird ESR 31.5
2015-24 Reading of local files through manipulation of form autocomplete
2015-19 Out-of-bounds read and write while rendering SVG content
2015-16 Use-after-free in IndexedDB
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
Changelog:
Fixed The previous issues with jp mac builds have now been fixed, and Thunderbird will no longer need to be run in 32-bit mode.
Fixed Security fixes can be found here
Fixed Installing extensions within Thunderbird no longer requires download and installing as a file (Bug 1081190)
Fixed Autocomplete suggestion sort order was adjusted to prioritize entries where the search string matches the beginning of a word (Bug 970456)
Fixed in Thunderbird 31.4
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
Changelog:
Fixed Fixes an issue where using LDAP autocomplete could end up with blank entries in the compose addressing list (Bug 1045753)
Fixed Fixes an issue where IRC participants were not removed from the display on leaving a channel.
Fixed Fixes a regression where Thunderbird wasn't respecting the skip integration option on the default client dialog.
Fixed Security fixes can be found here
Fixed in Thunderbird 31.3
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-85 XMLHttpRequest crashes with some input streams
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
Changelog:
31.2.0:
Fixed
Fixed a case where having a contact and card in an address book with the same name could send to the mailing list (Bug 1008718)
Fixed
Invalid certificate issue with mozilla::pkix (see bug 1042889)
Fixed
Importing an RSA private key fails if p < q (see bug 1049435)
Fixed
Security fixes can be found here
31.1.2:
Fixed
Fixed an issue where anchor links would not work in HTML emails (Bug 974857)
Fixed
Security fixes can be found here
31.1.1:
Fixed
Fixed an issue where mailing lists with spaces in their names couldn't be autocompleted (Bug 1060901)
Fixed
Fixed an occasional startup crash (Bug 1005336)
31.1.0:
Fixed
Security fixes can be found here
Fixed
Improved performance of autocomplete for large address books (Bug 984875)
Fixed
Fixed an issue with IMAP being slow when looking for folders on certain server types (Bug 799821, Bug 859269)
Fixed
Fixed various theme issues relating to titlebars and toolbars (Bug 1007225, Bug 1026608, Bug 1041211, Bug 1046563, Bug 1054260)
# Fixed in Thunderbird 31.2
2014-81 Inconsistent video sharing within iframe
2014-79 Use-after-free interacting with text directionality
2014-77 Out-of-bounds write with WebM video
2014-76 Web Audio memory corruption issues with custom waveforms
2014-75 Buffer overflow during CSS manipulation
2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
# Fixed in Thunderbird 31.1.2
2014-73 RSA Signature Forgery in NSS
# Fixed in Thunderbird 31.1
2014-72 Use-after-free setting text directionality
2014-70 Out-of-bounds read in Web Audio audio timeline
2014-69 Uninitialized memory use during GIF rendering
2014-68 Use-after-free during DOM interactions with SVG
2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
* Update enigmail to 1.7
Changelog:
NEW
Autocompleting email addresses now matches against any part of the name or email (bug 529584)
NEW
Composing a mail to a newsgroup will now autocomplete newsgroup names (bug 61491)
FIXED
Insecure NTLM (pre-NTLMv2) authentication disabled (see 828183)
Fixed in Thunderbird 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
Changelog:
Fixed in Thunderbird 24.6
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
The following security problems were fixed in this release:
- MFSA 2014-46 Use-after-free in nsHostResolve
- MFSA 2014-44 Use-after-free in imgLoader while resizing images
- MFSA 2014-43 Cross-site scripting (XSS) using history navigations
- MFSA 2014-42 Privilege escalation through Web Notification API
- MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
- MFSA 2014-37 Out of bounds read while decoding JPG images
- MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service
Installer
- MFSA 2014-34 Miscellaneous memory safety hazards
Changelog:
Fixed in Thunderbird 24.4
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
Changelog:
FIXED
Security fixes can be found here
FIXED
Fixed an issue where long messages with multiple signatures could end up unreadable (bug 929006)
FIXED
Fixed an issue where editing account settings was not possible in some non-standard configurations of local folder set-ups (bug 921371)
Fixed in Thunderbird 24.2
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
Fixed in Thunderbird 24.1.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
TODO: put sdk common files into their own PLIST in order to simplify updates to
PLIST.enigmail and PLIST.lightning.
Changelog:
24.1.
FIXED
Fixed an issue where signatures were shown in too lighter grey making them difficult to read (bug 917906)
FIXED
Fixed an issue where Auto CC for reply might not work if the cc address is the same as the sending address (bug 917231)
FIXED
Security fixes can be found here
Fixed in Thunderbird 24.0
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
24.0
NEW
Message threads can now be ignored or watched
NEW
Emails can now be sent to IDN based email addresses
NEW
Zoom functionality is now available in the compose window
CHANGED
In the Compose window, ctrl/cmd + and ctrl/cmd - now change the zoom setting rather than the font size
CHANGED
In Twitter, replying to a tweet now replies to all users, just like on the Twitter website
FIXED
Interactions in the filter list dialogs have been improved
FIXED
In Chat user nicknames are now highlighted when mentioned
FIXED
In IRC, long messages will now be sent in multiple parts instead of being cut off
FIXED
Various security fixes
Fixed in Thunderbird 24.1
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
pax -rw, the destination directory must exist. pax in NetBSD creates it if
not, pax in MirBSD complains. I read through all pkgsrc Makefiles that use
pax and added an entry to INSTALLATION_DIRS, or an INSTALL_DATA_DIR
invocation.
I did not test all the changes but they should be fairly safe. If you notice
any breakage because of this change, please contact me.
Changelog:
The following security bug fixes should be applied to thunderbird-17.0.9.
But I cannot find any documents.
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests
Changelog:
Security bugfixes.
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Changelog:
FIXED
Security fixes can be found here
Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
Changelog:
FIXED
Security fixes can be found here
FIXED
Thunderbird now supports the Twitter API version 1.1 ahead of Twitter closing the 1.0 version (Bug 857049)
Fixed in Thunderbird 17.0.6
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Changelog:
FIXED
Security fixes can be found here
FIXED
Adjusting font size when composing emails should be easier (Bug 824926)
Fixed in Thunderbird 17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
1.) Fix broken "yasm" version check which only accepts version numbers
like "a.b.c.d" but not like "a.b.c" and therefore fails with
Yasm 1.2.0. This probably affects other platforms (e.g. Linux
as well).
2.) Use "-R" instead of non-portable "-rpath" linker option.
The build under Solaris 10 fails now during the build phase and not
already in the configuration phase.
Changelog:
FIXED
Security fixes can be found here
FIXED
Attachments sometimes could not be removed from the composition window using the keyboard, this is now fixed (799451)
Fixed in Thunderbird 17.0.3
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
Changelog:
FIXED
Security fixes can be found here
FIXED
Pressing the 'x' button on Windows now closes only one window rather than the whole application (805185)
FIXED
An issue that caused occasional corruption in local folders after filtering is now fixed (815012)
FIXED
An issue that caused deletion of drafts saved in IMAP folders whilst in offline mode is now fixed (805626)
For security fix, see http://www.mozilla.org/en-US/thunderbird/17.0.2/releasenotes/ .
Changelog:
FIXED
Security fixes can be found here
FIXED
Pressing the 'x' button on Windows now closes only one window rather than the whole application (805185)
FIXED
An issue that caused occasional corruption in local folders after filtering is now fixed (815012)
FIXED
An issue that caused deletion of drafts saved in IMAP folders whilst in offline mode is now fixed (805626)
For security fix, see http://www.mozilla.org/en-US/thunderbird/17.0.2/releasenotes/ .
Changelog:
NEW
A Menu Button is now shown to new users by default
NEW
Tabs are now drawn in the title bar on Windows
FIXED
An issue causing spell-checking only parts of words in Thunderbird 16 is now fixed (790475)
FIXED
An issue causing Thunderbird 16 to repeatedly download emails is now fixed (806760)
FIXED
RSS feeds can now be viewed in the Wide View Layout (531397)
FIXED
Various fixes and performance improvements
FIXED
Various security fixes
CHANGED
Mac OS X 10.5 is no longer supported
Security fixes:
Fixed in Thunderbird 17
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
Changelog:
Fixed in Thunderbird 16.0.2
MFSA 2012-90 Fixes for Location object issues
MFSA 2012-67 Installer will launch incorrect executable following new installation
Changelog:
FIXED
16.0.1: Vulnerability outlined here
https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
NEW
We have now added box.com to the list of online storage services that are available for use with Thunderbird Filelink
NEW
Silent, background updates. Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up.
FIXED
Various fixes and performance improvements
FIXED
Various security fixes
Fixed in Thunderbird 16.0.1
MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)
Fixed in Thunderbird 16
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistance allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
