Category Archives: Mozilla

Thunderbird 60.6.1

Mozilla released a new version of their email client Thunderbird recently: 60.6.1. The new version includes fixes for two security vulnerabilities.

The fixed vulnerabilities are unlikely to pose a threat to Thunderbird users. According to the related security advisory:

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

In other words, since Thunderbird does not allow scripts embedded in email to execute, users are generally much safer than if the same email is displayed in a web browser.

Firefox 66.0 and 66.0.1

The latest major release of Firefox is version 66, which was announced on March 19th. The new version includes some welcome improvements and twenty-one security fixes.

What’s new in Firefox 66?

  • Audio is now prevented from playing by default. You can override this behaviour with a global setting, or add specific web sites to an exclusion list.
  • When you have a lot of tabs open, Firefox now shows a down-arrow button at the end of the tab bar. Clicking this button shows a list of all open tabs, and provides a special search function, allowing you to search your open tabs.
  • Scroll Anchoring tries to keep your content in place even as advertising and other images try to push what you’re reading off the page.
  • Extensions get a slight speed boost.
  • It’s now a bit easier to configure keyboard shortcuts for extensions.
  • HTTPS certificate error pages are easier to understand.
  • Additional performance and stability improvements, especially during page loading.
  • AV1 video support was added to the 32-bit version of Firefox.

Firefox 66.0.1 addresses two security issues in earlier versions, and was released on March 22nd.

You can check which version you’re running by clicking Firefox’s ‘hamburger’ menu, and navigating to Help > About Firefox. If you’re not yet up to date, you should see an Update button that allows you to install the latest version.

Thunderbird 60.5.1

Another set of security vulnerabilities was recently addressed by Mozilla with the release of Thunderbird 60.5.1. All four security issues are rated as having High impact, and are likely to affect Thunderbird’s confidentiality (leak private data), integrity (cause crashes), and/or availability (prevent normal operation).

To update Thunderbird, click its hamburger menu icon at the top right, then select Help > About Thunderbird to show your installed version. If a newer version is available, you should see a button offering to install it.

Thunderbird 60.5: four security fixes

Mozilla remains committed to Thunderbird, the company’s full-featured yet free email client for Windows, Mac, and Linux. Which is good news, because it’s getting increasingly difficult to find good email client software.

I’ve never been a fan of web-based email. It’s handy in certain situations, but leaves much to be desired for long-term use. I’ve been using Outlook for years, but it’s more than most people need; for them, there’s Thunderbird.

Thunderbird 60.5 plugs at least four security holes in previous versions.

To update Thunderbird, click its ‘hamburger’ menu icon at the top right, hover your mouse over Help, and click About Mozilla Thunderbird. If an update is available, you’ll be prompted to install it.

Firefox 64.0 fixes eleven security bugs

The latest Firefox fixes a handful of bugs, eleven of them security vulnerabilities, ranging in impact from low to critical.

New in Firefox 64.0 is the ability to select and manipulate multiple tabs. Hold the Ctrl or Shift key while clicking to select several tabs, then right-click one of the tabs to see some new actions in the context menu. Unfortunately, there’s no visual indication of which tabs have been selected, making this otherwise helpful feature somewhat awkward to use. You can at least see how many tabs you have selected in the context menu, in the Send n Tabs To Device entry.

Firefox’s Task Manager, which you can show by navigating to about:performance, now shows the amount of power being used by each tab and Add-On. This should be very handy for mobile device users.

Starting with Firefox 64.0, TLS certificates issued by Symantec are no longer trusted. You’ll only notice this if you visit a web site that still uses a certificate from Symantec.

The special page about:crashes is improved in Firefox 64.0: it’s now clear when a crash is being submitted to Mozilla, and that removing crashes locally does not remove them from the Mozilla crash stats page.

The release notes for Firefox 64.0 have more details.

Thunderbird 60.3

Released on October 31, Thunderbird 60.3 fixes a handful of bugs — some of which are security-related — affecting multiple versions and platforms.

From the security advisory: In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. What they seem to be saying is that these vulnerabilities cannot be exploited through the act of opening and reading email in Thunderbird. As for the part about browser-like contexts, well, that’s not at all clear. What contexts?

You can update your install of Thunderbird by clicking its hamburger menu button at the top right. Click the small arrow to the right of Help, then click About Mozilla Thunderbird. The About dialog should show your current version and offer an update if one is available.

Thunderbird 60.2.1

There aren’t as many desktop email applications around as there used to be. Sure, some of the old classics are still available (hello Eudora), but they typically don’t provide support for the latest technologies.

I’ve never been comfortable using a web-based application for my email. I do use GMail, but mostly for client support. I just prefer to have more control over my email archive than is possible with a web-based solution. Email is a critical component of my business and personal communications, and leaving it at the mercy of Google or some other company is not acceptable.

That said, there are still a few good options for desktop email on Windows. I still use Outlook, because it’s always been rock solid for me, handling dozens of accounts efficiently and reliably. But Outlook is only available as part of Microsoft Office, and only the more expensive Professional or Business versions at that. And Office is not cheap, costing upwards of $300 USD.

So I’m always on the lookout for alternatives to Outlook. And sitting at the top of that list is Thunderbird, Mozilla’s email client. Thunderbird’s three-pane user interface should be familiar to anyone who has used Outlook, Outlook Express, or just about any other Windows email application. It supports all current email-related technologies.

Mozilla issued a major update for Thunderbird in early October: version 60.0. This update provides numerous improvements to the user interface, including a much-needed revamp for the way attachments are handled.

More recently, Thunderbird 60.2.1 was released to fix seven security issues in earlier versions, as well as a few non-security bugs.

As with Firefox, you can check the current version of Thunderbird by navigating its ‘hamburger’ menu (top right) to Help > About Mozilla Thunderbird. Doing this will usually trigger an update, if one is available.

Firefox 63.0

Released last week, Firefox 63.0 provides fixes for at least fourteen security issues.

Firefox 63 also includes performance improvements, content blocking functionality, some user interface improvements, and a few other bug fixes.

In keeping with the trend towards wresting control of updates away from users, the option to Never check for updates was removed from the Preferences page (about:preferences). Sigh.

Firefox can be updated by navigating its ‘hamburger’ menu (button at top right) to Help > About Firefox.

Firefox 62.0.3: two critical security fixes

Yesterday, Mozilla released Firefox 62.0.3, which includes fixes for two critical security vulnerabilities in previous versions of the popular web browser.

The two vulnerabilities addressed in Firefox 62.0.3 are described in some detail on the associated security advisory page.

Depending on how your Firefox is configured, it may display a small update dialog, or it may simply update itself. To control what happens with new versions, navigate Firefox’s ‘hamburger’ menu (at the top right) to Options > General > Firefox Updates. While there, you can click the Check for updates button to trigger an update if one is available.