Mozilla Thunderbird 1.5.0.7 has been released via the AutoUpdate function, as well as a standalone download.

The version is a maintenance release which brings enhancements to the program’s stability and security.

The latest JavaScript-related vulnerabilities have been patched, along with memory corruption issues and other flaws.

See the changelog below for more information.

*** WHAT’S NEW IN MOZILLA THUNDERBIRD 1.5.0.7 ***

- Improvements to product stability
- Security fixes:
MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-63 JavaScript execution in mail via XBL
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption

The Rumbling Edge has more…
*** MORE DETAILED CHANGELOG ***

Crashes: (2)
Fixed: 339518 - Switching IMAP folders while “mark-as-spam” is running causes a crash
Fixed: 336957 - Crash when calling messageServiceFromURI(”file://…”).streamMessage

Networking: (3)
Fixed: 222394 - IMAP: MYRIGHTS command used on names marked \Noselect
Fixed: 325379 - STARTTLS negotiation skipped when account set to “TLS, if available”
Fixed: 349929 - APOP information is reset after stepping up a TLS connection

Printing: (1)
Fixed: 342439 - printing certain urls (google groups and maps) from print preview shows the style/meta tags on paper

UI improvements: (1)
Fixed: 337815 - Messages don’t show; summary-file increases every time Tb opens

XULRunner: (2)
Fixed: 348781 - Add 7-Zip SFX source to the tree
Fixed: 349007 - Trunk XULRunner doesn’ t package with modern PackageMaker

Miscellaneous fixes: (2)
Fixed: 344694 - Conflict of linkage-specification for “MimeExternalObjectClass mimeExternalObjectClass”
Fixed: 346302 - Yet another RFC 2231 violation (0×2a is not escaped)

Mac-specific: (1)
Fixed: 345047 - [XULRunner] Universal Build fixup for XULRunner

*** RELEVANT LINKS ***

Download Thunderbird 1.5.0.7 for Windows (.exe installer, English, 6MB, md5=490E29716FF3FF0323589FBDB79E00C2)
Download Thunderbird 1.5.0.7 for Mac OS X (.dmg, Universal Binary, English, 17.7MB)
Download Thunderbird 1.5.0.7 for Linux (.tar.gz, English, 10.1MB)

Download Thunderbird 1.5.0.7 for your operating system (.exe installer, defaults to your language, if build available)
Download Thunderbird 1.5.0.7 for your operating system (.exe installer, choose the desired language)

Mozilla Thunderbird 1.5.0.7 Release Notes

A day after the Firefox 1.5.0.5 update, Thunderbird 1.5.0.5 was released, again spreading itself to users all over the world through the Auto-Update function before being officially announced on its Mozilla.com homepage.
Thunderbird 1.5.0.5 brings forth better overall stability and several security improvements “part of our ongoing program to provide a safer email experience for our users” (The Mozilla Foundation).

Some of the security fixes address Javascript-related vulnerabilities, Native DOM flaws and some crashes due to memory corruption.

Check below for more detailed information, according to The Rumbling Edge.

*** FIXES AND IMPROVEMENTS IN THUNDERBIRD 1.5.0.5 ***

Security issues:

Fixed: 339740 - Heap buffer overwrite on malformed VCard (Critical)
Fixed: 284219, 329900, 331679, 331883, 336162, 337462, 338129, 338391, 340733 - Crashes with evidence of memory corruption (rv:1.8.0.5) (Moderate)
Fixed: 320982, 342507, Secunia Advisory 19873 - Memory corruption with simultaneous events (Moderate)
Fixed: 324117, 325425, 336409, 336410, 338001, 338121, 338804, 339785, 340129, 341877, 341956, 342960 - JavaScript engine vulnerabilities (Moderate)
Fixed: 337389 - PAC privilege escalation using Function.prototype.call (Moderate)
Fixed: 338288 - Code execution through deleted frame reference (Moderate)
Fixed: 338523 - XSS with XPCNativeWrapper(window).Function(…) (Moderate)
Fixed: 340107 - UniversalBrowserRead privilege escalation (Moderate)
Fixed: 340727 - Privilege escalation using named-functions and redefined “new Object()” (Moderate)
Fixed: 344759, 344960 - JavaScript new Function race condition (Moderate)
Fixed: 339918, 343594 - Native DOM methods can be hijacked across domains (Low)

Crash:

Fixed: 340882 - [XPToolkit] Invalid pointer in RemoveWindowListeners

Address book:

Fixed: 334947 - freeze if drop vCard with base64 encoded photo

Attachment-related:

Fixed: 338859 - even if the attachment file name has 0×2f, it’s not escaped

Build configuration:

Fixed: 324483 - Ah Crap! takes too long
Fixed: 339875 - ship ga-IE for 1.5.0.5
Fixed: 343157 - unit test dirs are included in final packages

Functionality:

Fixed: 314009 - Draft messages not deleted when Send Later used
Fixed: 337052 - Reactivate WarpCenter biff functionality in nsMessengerOS2Integration
Fixed: 342167 - In , 2 “Warning: Expected pseudo-element but found ‘-moz-XYZ’. Ruleset ignored due to bad selector.”

UI improvements:

Fixed: 342784 - File > Quit hangs tb if expunge inbox on exit is set

XPToolkit:

Fixed: 339213 - Software update fails because XULRunner doesn’t ship updater.ini

Mac-specific:

Fixed: 322578 - Support ppc<->x86 cross builds for Mac OS X
Fixed: 327037 - Newsgroup names over-abbreviated on UB Mac
Fixed: 340071 - pasting html from ff 1.5.0.4 into compose window in tb 1.5.0.4 doesn’t paste anything

Sun-specific:

Fixed: 322450 - TARGET_XPCOM_ABI not set in solaris builds

*** RELEVANT LINKS ***

Download Thunderbird 1.5.0.5 for Windows (.exe installer, English, 6MB)
Download Thunderbird 1.5.0.5 for Mac OS X (.dmg, Universal Binary, English, 17.7MB)
Download Thunderbird 1.5.0.5 for Linux (.tar.gz, English, 10.1MB)

Download Thunderbird 1.5.0.5 for your operating system (.exe installer, defaults to your language, if build available)
Download Thunderbird 1.5.0.5 for your operating system (.exe installer, choose the desired language)

Mozilla Thunderbird 1.5.0.5 Release Notes

Firefox 1.5.0.5 started a few minutes ago to spread itself to users worldwide through the browser’s Auto-Update functions.

Bringing forth several security improvements, better overall stability and minor changes related to localization, Firefox 1.5.0.5 is dubbed a “security update that is part of our ongoing program to provide a safe Internet experience for our customers” by the Mozilla Foundation.

Some of the security fixes address Javascript-related vulnerabilities, Native DOM flaws and some crashes due to memory corruption.

Check below for more detailed information.

*** FIXES IN FIREFOX 1.5.0.5 ***

MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(…)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined “new Object()”
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference

*** RELEVANT LINKS ***

Download Firefox 1.5.0.5 for Windows (.exe installer, English, 4.9MB)
Download Firefox 1.5.0.5 for Mac OS X (.dmg, Universal Binary, English, 16MB)
Download Firefox 1.5.0.5 for Linux (.tar.gz, English, 8.1MB)

Download Firefox 1.5.0.5 for your operating system (.exe installer, defaults to your language, if build available)
Download Firefox 1.5.0.5 for your operating system (.exe installer, choose the desired language)

Mozilla Firefox 1.5.0.5 Release Notes

As described in the Firefox 2.0 roadmap, the first alpha release (2a) was launched in Q1 2006 (21st of March). Carrying on the established naming tradition (Firefox 1.5 - Deer Park), this “pre-feature complete alpha” is codenamed “Bon Echo“.

Intended as a testing-only release, Bon Echo Alpha 1 is targeted to web application developers and members of the Firefox testing community. Consumers should stick to the Firefox 1.5 series.

According to the aforementioned roadmap, the first feature complete Alpha will be launched in early Q2 2006, while release candidates be available in late Q2 2006.

*** WHAT’S NEW IN BON ECHO ALPHA 1 ***

- Changes to tabbed browsing behavior
- New data storage layer for bookmarks and history (using SQLlite)
- Extended search plugin format
- Updates to the extension system to provide enhanced security and to allow for easier localization of extensions
- Support for SVG text using svg:textPath
- List of notable bug fixes

*** RELEVANT LINKS ***
Bon Echo Project Homepage
Download Bon Echo Alpha 1 for Windows (.exe - 4.9MB)
Download Bon Echo Alpha 1 for Mac (.dmg - 9.5MB)
Download Bon Echo Alpha 1 for Linux (.tar.gz - 8.2MB)