Category Archives: Mozilla

Thunderbird 60.5.1

Another set of security vulnerabilities was recently addressed by Mozilla with the release of Thunderbird 60.5.1. All four security issues are rated as having High impact, and are likely to affect Thunderbird’s confidentiality (leak private data), integrity (cause crashes), and/or availability (prevent normal operation).

To update Thunderbird, click its hamburger menu icon at the top right, then select Help > About Thunderbird to show your installed version. If a newer version is available, you should see a button offering to install it.

Thunderbird 60.5: four security fixes

Mozilla remains committed to Thunderbird, the company’s full-featured yet free email client for Windows, Mac, and Linux. Which is good news, because it’s getting increasingly difficult to find good email client software.

I’ve never been a fan of web-based email. It’s handy in certain situations, but leaves much to be desired for long-term use. I’ve been using Outlook for years, but it’s more than most people need; for them, there’s Thunderbird.

Thunderbird 60.5 plugs at least four security holes in previous versions.

To update Thunderbird, click its ‘hamburger’ menu icon at the top right, hover your mouse over Help, and click About Mozilla Thunderbird. If an update is available, you’ll be prompted to install it.

Firefox 64.0 fixes eleven security bugs

The latest Firefox fixes a handful of bugs, eleven of them security vulnerabilities, ranging in impact from low to critical.

New in Firefox 64.0 is the ability to select and manipulate multiple tabs. Hold the Ctrl or Shift key while clicking to select several tabs, then right-click one of the tabs to see some new actions in the context menu. Unfortunately, there’s no visual indication of which tabs have been selected, making this otherwise helpful feature somewhat awkward to use. You can at least see how many tabs you have selected in the context menu, in the Send n Tabs To Device entry.

Firefox’s Task Manager, which you can show by navigating to about:performance, now shows the amount of power being used by each tab and Add-On. This should be very handy for mobile device users.

Starting with Firefox 64.0, TLS certificates issued by Symantec are no longer trusted. You’ll only notice this if you visit a web site that still uses a certificate from Symantec.

The special page about:crashes is improved in Firefox 64.0: it’s now clear when a crash is being submitted to Mozilla, and that removing crashes locally does not remove them from the Mozilla crash stats page.

The release notes for Firefox 64.0 have more details.

Thunderbird 60.3

Released on October 31, Thunderbird 60.3 fixes a handful of bugs — some of which are security-related — affecting multiple versions and platforms.

From the security advisory: In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. What they seem to be saying is that these vulnerabilities cannot be exploited through the act of opening and reading email in Thunderbird. As for the part about browser-like contexts, well, that’s not at all clear. What contexts?

You can update your install of Thunderbird by clicking its hamburger menu button at the top right. Click the small arrow to the right of Help, then click About Mozilla Thunderbird. The About dialog should show your current version and offer an update if one is available.

Thunderbird 60.2.1

There aren’t as many desktop email applications around as there used to be. Sure, some of the old classics are still available (hello Eudora), but they typically don’t provide support for the latest technologies.

I’ve never been comfortable using a web-based application for my email. I do use GMail, but mostly for client support. I just prefer to have more control over my email archive than is possible with a web-based solution. Email is a critical component of my business and personal communications, and leaving it at the mercy of Google or some other company is not acceptable.

That said, there are still a few good options for desktop email on Windows. I still use Outlook, because it’s always been rock solid for me, handling dozens of accounts efficiently and reliably. But Outlook is only available as part of Microsoft Office, and only the more expensive Professional or Business versions at that. And Office is not cheap, costing upwards of $300 USD.

So I’m always on the lookout for alternatives to Outlook. And sitting at the top of that list is Thunderbird, Mozilla’s email client. Thunderbird’s three-pane user interface should be familiar to anyone who has used Outlook, Outlook Express, or just about any other Windows email application. It supports all current email-related technologies.

Mozilla issued a major update for Thunderbird in early October: version 60.0. This update provides numerous improvements to the user interface, including a much-needed revamp for the way attachments are handled.

More recently, Thunderbird 60.2.1 was released to fix seven security issues in earlier versions, as well as a few non-security bugs.

As with Firefox, you can check the current version of Thunderbird by navigating its ‘hamburger’ menu (top right) to Help > About Mozilla Thunderbird. Doing this will usually trigger an update, if one is available.

Firefox 63.0

Released last week, Firefox 63.0 provides fixes for at least fourteen security issues.

Firefox 63 also includes performance improvements, content blocking functionality, some user interface improvements, and a few other bug fixes.

In keeping with the trend towards wresting control of updates away from users, the option to Never check for updates was removed from the Preferences page (about:preferences). Sigh.

Firefox can be updated by navigating its ‘hamburger’ menu (button at top right) to Help > About Firefox.

Firefox 62.0.3: two critical security fixes

Yesterday, Mozilla released Firefox 62.0.3, which includes fixes for two critical security vulnerabilities in previous versions of the popular web browser.

The two vulnerabilities addressed in Firefox 62.0.3 are described in some detail on the associated security advisory page.

Depending on how your Firefox is configured, it may display a small update dialog, or it may simply update itself. To control what happens with new versions, navigate Firefox’s ‘hamburger’ menu (at the top right) to Options > General > Firefox Updates. While there, you can click the Check for updates button to trigger an update if one is available.

Firefox 62.0.2: one security fix

The latest Firefox includes fixes for a handful of bugs, including one security vulnerability: CVE-2018-12385 (Crash in TransportSecurityInfo due to cached data).

If your installation of Firefox is configured to update itself, it will probably get around to doing that in the next few days, if it hasn’t already. You can expedite the process by starting the browser and navigating to Help > About Firefox in its ‘hamburger’ menu at the top right of the browser window.

The release notes for Firefox 62.0.2 provide additional details.

Firefox 62.0: nine security updates

Despite the major version increment, Firefox 62.0 doesn’t really have any new features worth mentioning. However, it’s an important update, because it addresses at least nine security vulnerabilities that range from Low to Critical in severity.

One change in Firefox 62.0 is worth pointing out: the Description field for bookmarks has been removed. Any Description information you previously added to your bookmarks can still be exported from Firefox. From the release notes: “Users who have stored descriptions using the field may wish to export these descriptions as html or json files, as they will be removed in a future release.”

You can usually encourage Firefox to update itself by navigating its ‘hamburger’ menu to Help > About Firefox.