New Thunderbird version 68.5 with security fixes available
The new version 68.5 of the email client includes seven fixes for security vulnerabilities. One is classified as high risk. Users can easily check their installed version of Thunderbird (Menu -> Help -> About Thunderbird).
Memory safety vulnerability with high risk rating
According to the Thunderbird team, one of the vulnerabilities (CVE-2020-6800) poses a high risk. Under certain conditions, attackers could use it to execute program code by sending specially crafted emails. CVE-2020-6800 is a memory safety bug that has also been fixed in the current Firefox version 73.
In the advisory for Thunderbird 68.5 (Advisory 2020-07), the developers note that exploitation in the email client is usually not possible because scripting is disabled by default when reading an email. The vulnerability nevertheless poses a potential security risk.
Low and medium risk vulnerabilities
Five vulnerabilities were classified as "Medium" and one as "Low". The risks they pose include cross-site scripting, non-exploitable Thunderbird crashes, and the disclosure of sensitive information.
General information on the new version of the email client can be found in the release notes for Thunderbird 68.5.