14 DAY TRIAL // Mozilla has announced the release of a new maintenance version of the popular, open-source, and cross-platform Mozilla Thunderbird 38 email and news client for all supported operating systems, including GNU/Linux, Mac OS X, and Windows.
According to the release notes, the Mozilla Thunderbird 38.4.0 release is here to fix multiple high and critical security vulnerabilities that have been either discovered by various Mozilla hackers or reported by users since the previous version of the open-source software.
Among the critical vulnerabilities patched in Mozilla Thunderbird 38.4.0, we can mention memory corruption issues in the NSPR (Netscape Portable Runtime) and NSS (Network Security Services) components, various memory safety hazards, as well as a few security flaws discovered through code inspection.
Five high-impact vulnerabilities have been patched as well
In addition to the critical security vulnerabilities listed above, Mozilla Thunderbird 38.4.0 also addresses five high-impact issues, such as a memory corruption in the libjar library when dealing with zip archives, as well as a crash in the JavaScript garbage collection component with the Java applet.
Furthermore, a buffer overflow that occurred during image interactions in canvas has been fixed, a bypass of CORS (Cross-Origin Resource Sharing) preflight related to non-standard Content-Type headers has been resolved, and a bypass of the same-origin policy issue, which occurred when trailing whitespaces were found in IP address hostnames, has been patched.
Last but not least, Mozilla Thunderbird 38.4.0 also addresses a moderated security vulnerability, where the mixed content WebSocket policy could bypass through workers. Also, users can now move multiple messages from a maildir folder to an mbox one.
Download Mozilla Thunderbird 38.4.0 for GNU/Linux, Mac OS X, and Microsoft Windows operating systems right now from Softpedia. All users are urged to update their Mozilla Thunderbird clients to the new version as soon as possible via the built-in updater.