Thunderbird 1.5.0.5 Final Available via Auto-Update and for Download

A day after the Firefox 1.5.0.5 update, Thunderbird 1.5.0.5 was released, again spreading itself to users all over the world through the Auto-Update function before being officially announced on its Mozilla.com homepage.
Thunderbird 1.5.0.5 brings forth better overall stability and several security improvements "part of our ongoing program to provide a safer email experience for our users" (The Mozilla Foundation).

Some of the security fixes address Javascript-related vulnerabilities, Native DOM flaws and some crashes due to memory corruption.

Check below for more detailed information, according to The Rumbling Edge.


*** FIXES AND IMPROVEMENTS IN THUNDERBIRD 1.5.0.5 ***

Security issues:

Fixed: 339740 - Heap buffer overwrite on malformed VCard (Critical)
Fixed: 284219, 329900, 331679, 331883, 336162, 337462, 338129, 338391, 340733 - Crashes with evidence of memory corruption (rv:1.8.0.5) (Moderate)
Fixed: 320982, 342507, Secunia Advisory 19873 - Memory corruption with simultaneous events (Moderate)
Fixed: 324117, 325425, 336409, 336410, 338001, 338121, 338804, 339785, 340129, 341877, 341956, 342960 - JavaScript engine vulnerabilities (Moderate)
Fixed: 337389 - PAC privilege escalation using Function.prototype.call (Moderate)
Fixed: 338288 - Code execution through deleted frame reference (Moderate)
Fixed: 338523 - XSS with XPCNativeWrapper(window).Function(...) (Moderate)
Fixed: 340107 - UniversalBrowserRead privilege escalation (Moderate)
Fixed: 340727 - Privilege escalation using named-functions and redefined "new Object()" (Moderate)
Fixed: 344759, 344960 - JavaScript new Function race condition (Moderate)
Fixed: 339918, 343594 - Native DOM methods can be hijacked across domains (Low)

Crash:

Fixed: 340882 - [XPToolkit] Invalid pointer in RemoveWindowListeners

Address book:

Fixed: 334947 - freeze if drop vCard with base64 encoded photo

Attachment-related:

Fixed: 338859 - even if the attachment file name has 0x2f, it's not escaped

Build configuration:

Fixed: 324483 - Ah Crap! takes too long
Fixed: 339875 - ship ga-IE for 1.5.0.5
Fixed: 343157 - unit test dirs are included in final packages

Functionality:

Fixed: 314009 - Draft messages not deleted when Send Later used
Fixed: 337052 - Reactivate WarpCenter biff functionality in nsMessengerOS2Integration
Fixed: 342167 - In , 2 "Warning: Expected pseudo-element but found '-moz-XYZ'. Ruleset ignored due to bad selector."

UI improvements:

Fixed: 342784 - File > Quit hangs tb if expunge inbox on exit is set

XPToolkit:

Fixed: 339213 - Software update fails because XULRunner doesn't ship updater.ini

Mac-specific:

Fixed: 322578 - Support ppc<->x86 cross builds for Mac OS X
Fixed: 327037 - Newsgroup names over-abbreviated on UB Mac
Fixed: 340071 - pasting html from ff 1.5.0.4 into compose window in tb 1.5.0.4 doesn't paste anything

Sun-specific:

Fixed: 322450 - TARGET_XPCOM_ABI not set in solaris builds


*** RELEVANT LINKS ***

Download Thunderbird 1.5.0.5 for Windows (.exe installer, English, 6MB)
Download Thunderbird 1.5.0.5 for Mac OS X (.dmg, Universal Binary, English, 17.7MB)
Download Thunderbird 1.5.0.5 for Linux (.tar.gz, English, 10.1MB)

Download Thunderbird 1.5.0.5 for your operating system (.exe installer, defaults to your language, if build available)
Download Thunderbird 1.5.0.5 for your operating system (.exe installer, choose the desired language)

Mozilla Thunderbird 1.5.0.5 Release Notes