Wednesday, November 21, 2007

Security Update : Thunderbird

After being delayed for some time, finally Slackware security team has released an update for Thunderbird package for 10.2 up to -Current. Here's the latest changelog:
Tue Nov 20 16:49:58 CST 2007
Upgraded to thunderbird-
This update fixes the following security related issues:
URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36).
Crashes with evidence of memory corruption (MFSA 2007-29).
OK, so the first one obviously does not affect us. :-) The second fix has to do with the same JavaScript handling problem fixed before in Firefox.
JavaScript is not enabled by default in Thunderbird, and the developers (at least in MFSA 2007-36) do not recommend turning it on.
For more information, see:
(* Security fix *)