The Thunderbird team has released a new version of the open source cross-platform email client. Thunderbird 52.9.0 is a security update first and foremost which makes it a recommended update for all users of the email client.
The new version of Thunderbird fixes the so-called EFAIL security issue completely. EFAIL was discovered earlier this year by security researchers. It allows attackers to gain access to OpenPGP or S/Mime encrypted messages by managing to get hold of encrypted messages, for instance by network snooping, modifying the emails, and sending them to the target.
The Thunderbird development team fixed the issue partially in Thunderbird 52.8.0 which it released in May 2018.
The release of Thunderbird 52.9.0 fixes the issue completely by removing "some HTML crafted to carry out" an EFAIL attack, and optionally "not decrypting subordinate message parts that otherwise might reveal decrypted content to the attacker".
Full story at Ghacks.
By Martin Brinkmann.
No comments:
Post a Comment