Download Mozilla Thunderbird 60.6.1
The Mozilla Foundation has released version 60.6.1 of Thunderbird. Mozilla Thunderbird is an open source email and newsgroup client, with features such as support for several mail and news accounts, a spam filter, spell checker, and a customizable look and feel. In Thunderbird, new functionality is rarely added. Version 60 includes improvements in attachment handling, spell checking, and working with templates. In version 60.6.1, the following security vulnerabilities have been fixed.
Security vulnerabilities fixed in Thunderbird 60.6.1
- #CVE-2018-18356: Use after free in Skia
A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.
References Bug 1525817 - #CVE-2019-5785: Integer overflow in Skia
An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
References Bug 1525433 & The Curious Case of Convexity Confusion - #CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
A buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR.
Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default.
References Bug 1525815 - #CVE-2018-18509: S/MIME signature spoofing
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren’t covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content.
References Bug 1507218
| Version number | 60.6.1 |
| Release status | Final |
| Operating systems | Windows 7, Linux, macOS, Windows Vista, Windows 8, Windows 10 |
| Website | Mozilla Foundation |
| Download | |
| License type | Freeware |