Mozilla Thunderbird 2.0.0.19 is out now, packing several security fixes.

My favorite email client, Mozilla Thunderbird, has been updated to version 2.0.0.18.

Unfortunately, it’s a just a YABR (yet another bugfix release)… I think Thunderbird really deserves a full update with new features, but it looks like we’ll have to wait some more for that

Mozilla Thunderbird 1.5.0.7 has been released via the AutoUpdate function, as well as a standalone download.

The version is a maintenance release which brings enhancements to the program’s stability and security.

The latest JavaScript-related vulnerabilities have been patched, along with memory corruption issues and other flaws.

See the changelog below for more information.

*** WHAT’S NEW IN MOZILLA THUNDERBIRD 1.5.0.7 ***

- Improvements to product stability
- Security fixes:
MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-63 JavaScript execution in mail via XBL
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption

The Rumbling Edge has more…
*** MORE DETAILED CHANGELOG ***

Crashes: (2)
Fixed: 339518 - Switching IMAP folders while “mark-as-spam” is running causes a crash
Fixed: 336957 - Crash when calling messageServiceFromURI(”file://…”).streamMessage

Networking: (3)
Fixed: 222394 - IMAP: MYRIGHTS command used on names marked \Noselect
Fixed: 325379 - STARTTLS negotiation skipped when account set to “TLS, if available”
Fixed: 349929 - APOP information is reset after stepping up a TLS connection

Printing: (1)
Fixed: 342439 - printing certain urls (google groups and maps) from print preview shows the style/meta tags on paper

UI improvements: (1)
Fixed: 337815 - Messages don’t show; summary-file increases every time Tb opens

XULRunner: (2)
Fixed: 348781 - Add 7-Zip SFX source to the tree
Fixed: 349007 - Trunk XULRunner doesn’ t package with modern PackageMaker

Miscellaneous fixes: (2)
Fixed: 344694 - Conflict of linkage-specification for “MimeExternalObjectClass mimeExternalObjectClass”
Fixed: 346302 - Yet another RFC 2231 violation (0×2a is not escaped)

Mac-specific: (1)
Fixed: 345047 - [XULRunner] Universal Build fixup for XULRunner

*** RELEVANT LINKS ***

Download Thunderbird 1.5.0.7 for Windows (.exe installer, English, 6MB, md5=490E29716FF3FF0323589FBDB79E00C2)
Download Thunderbird 1.5.0.7 for Mac OS X (.dmg, Universal Binary, English, 17.7MB)
Download Thunderbird 1.5.0.7 for Linux (.tar.gz, English, 10.1MB)

Download Thunderbird 1.5.0.7 for your operating system (.exe installer, defaults to your language, if build available)
Download Thunderbird 1.5.0.7 for your operating system (.exe installer, choose the desired language)

Mozilla Thunderbird 1.5.0.7 Release Notes

A day after the Firefox 1.5.0.5 update, Thunderbird 1.5.0.5 was released, again spreading itself to users all over the world through the Auto-Update function before being officially announced on its Mozilla.com homepage.
Thunderbird 1.5.0.5 brings forth better overall stability and several security improvements “part of our ongoing program to provide a safer email experience for our users” (The Mozilla Foundation).

Some of the security fixes address Javascript-related vulnerabilities, Native DOM flaws and some crashes due to memory corruption.

Check below for more detailed information, according to The Rumbling Edge.

*** FIXES AND IMPROVEMENTS IN THUNDERBIRD 1.5.0.5 ***

Security issues:

Fixed: 339740 - Heap buffer overwrite on malformed VCard (Critical)
Fixed: 284219, 329900, 331679, 331883, 336162, 337462, 338129, 338391, 340733 - Crashes with evidence of memory corruption (rv:1.8.0.5) (Moderate)
Fixed: 320982, 342507, Secunia Advisory 19873 - Memory corruption with simultaneous events (Moderate)
Fixed: 324117, 325425, 336409, 336410, 338001, 338121, 338804, 339785, 340129, 341877, 341956, 342960 - JavaScript engine vulnerabilities (Moderate)
Fixed: 337389 - PAC privilege escalation using Function.prototype.call (Moderate)
Fixed: 338288 - Code execution through deleted frame reference (Moderate)
Fixed: 338523 - XSS with XPCNativeWrapper(window).Function(…) (Moderate)
Fixed: 340107 - UniversalBrowserRead privilege escalation (Moderate)
Fixed: 340727 - Privilege escalation using named-functions and redefined “new Object()” (Moderate)
Fixed: 344759, 344960 - JavaScript new Function race condition (Moderate)
Fixed: 339918, 343594 - Native DOM methods can be hijacked across domains (Low)

Crash:

Fixed: 340882 - [XPToolkit] Invalid pointer in RemoveWindowListeners

Address book:

Fixed: 334947 - freeze if drop vCard with base64 encoded photo

Attachment-related:

Fixed: 338859 - even if the attachment file name has 0×2f, it’s not escaped

Build configuration:

Fixed: 324483 - Ah Crap! takes too long
Fixed: 339875 - ship ga-IE for 1.5.0.5
Fixed: 343157 - unit test dirs are included in final packages

Functionality:

Fixed: 314009 - Draft messages not deleted when Send Later used
Fixed: 337052 - Reactivate WarpCenter biff functionality in nsMessengerOS2Integration
Fixed: 342167 - In , 2 “Warning: Expected pseudo-element but found ‘-moz-XYZ’. Ruleset ignored due to bad selector.”

UI improvements:

Fixed: 342784 - File > Quit hangs tb if expunge inbox on exit is set

XPToolkit:

Fixed: 339213 - Software update fails because XULRunner doesn’t ship updater.ini

Mac-specific:

Fixed: 322578 - Support ppc<->x86 cross builds for Mac OS X
Fixed: 327037 - Newsgroup names over-abbreviated on UB Mac
Fixed: 340071 - pasting html from ff 1.5.0.4 into compose window in tb 1.5.0.4 doesn’t paste anything

Sun-specific:

Fixed: 322450 - TARGET_XPCOM_ABI not set in solaris builds

*** RELEVANT LINKS ***

Download Thunderbird 1.5.0.5 for Windows (.exe installer, English, 6MB)
Download Thunderbird 1.5.0.5 for Mac OS X (.dmg, Universal Binary, English, 17.7MB)
Download Thunderbird 1.5.0.5 for Linux (.tar.gz, English, 10.1MB)

Download Thunderbird 1.5.0.5 for your operating system (.exe installer, defaults to your language, if build available)
Download Thunderbird 1.5.0.5 for your operating system (.exe installer, choose the desired language)

Mozilla Thunderbird 1.5.0.5 Release Notes