Skip to Content
Security & privacy

Mozilla patches critical bug in this popular email client

Do you use Mozilla’s popular email client Thunderbird? If yes, then you may want to apply these important updates soon. The company just issued five security patches including fixes for one critical and two high-level bugs.

If you’re not familiar with Mozilla Thunderbird, it’s a free feature-packed email program from the same company that brings us the Firefox web browser. It’s a popular alternative email client for Windows, Macs and Linux machines. Click here to read more about Mozilla Thunderbird.

Read on and I’ll tell you why you need to apply these updates immediately.

Critical flaw

The most severe of the bugs is a critical buffer overflow bug that affects Windows machines (CVE-2017-7845).

According to the Mozilla Foundation Security, this bug “occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content.” This could lead to an exploitable system crash.

High-level flaws

The two high impact flaws are CVE-2017-7846 and CVE-2017-7847.

CVE-2017-7846 is a JavaScript exploit in Thunderbird’s RSS feed viewer when viewed as a website. This can allow a hacker to slip in all sorts of malicious code when exploited. According to Mozilla, this can be accessed via ‘View -> Feed article -> Website’ or in the standard format of ‘View -> Feed article -> default format,’ for example.

The other bug, CVE-2017-7847 is a CSS bug that can potentially reveal user data, such as usernames, to an attacker.

Other flaws

The remaining flaws are the moderate bug that allows an attacker to modify an email message’s body (CVE-2017-7848) and a low impact one that allows an attacker to spoof a sender’s email address (CVE-2017-7829).

How to update Thunderbird

Thunderbird automatically updates itself but if you want to fetch the updates manually, here’s how:

  1. On the top menu bar, click Thunderbird >> About Thunderbird.
  2. When the “About Thunderbird” window appears, Thunderbird will automatically check for updates and downloads them if available.
  3. When the updates are ready, just click “Restart Thunderbird to Update” to complete the process.

The newest version is Thunderbird 52.5.2.

To read Mozilla Foundation’s Security Advisory about this latest round of updates, click here.

Facebook launches new security feature you need to use now

We all use Facebook to connect with our friends and family. Unfortunately, cybercriminals use Facebook to scam us. Wouldn’t it be ideal if we could detect these scammers before it’s too late? Facebook found a way to help. Click here for a Facebook feature that you will need to turn on to avoid getting fooled.

Stop robocalls for good with Kim’s new eBook

Robocalls interrupt us constantly and scam Americans out of millions of dollars every year. Learn Kim's best tricks for stopping annoying robocalls in this handy guide.

Get the eBook