DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
For more information: SA33184
The vulnerabilities are reported in version 18.104.22.168 and prior.
SOLUTION: Fixed in an upcoming 22.214.171.124 version.
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Originally posted by Guru ZimSo you are saying I should summarize?
If you run Mozilla Firefox 2 or 3, or Thunderbird, you need to update your software to the newest version due to current exploits that are "in the wild".
No, not even summarize. Just knowing who you're talking to. If the people who are reading this thread are the type of people who normally read Secuina Advisories, they're surely aware of the problem. Everyone else probably hit mark all posts read and moved on with their lives, unless they just had to make a sarcastic remark. You didn't help out as much as you wanted to with that one.
What might have worked better...
There are new vulnerabilities to Firefox version 2 & Firefox version 3, as well as Thunderbird. If you're using this software, you should [choose: make sure you install the next update/turn of feature X until the next update arrives/stop using this software entirely until the next update, the danger is that high]. You can find more information on the issue here here and here.
Firefox/Mozilla vulnerabilities don't seem to me as big of a deal, because you really have to work hard for the programs NOT to update automatically. If you don't tell to update right away, it'll do it the next time you start the program. It's way too easy to turn off Automatic Updates, especially after the first time they want you to drop what you're doing and reboot your computer immediately.
(o m g I'm backseat posting now, I need off the internet)
There's two versions of the app. The free one he's talking about limits him to 15 messages a day, and there's a $6/year version for unlimited text. Plus, they put ads in the app to make their money back. Otherwise, it looks to be fine.