Thunderbird 1.5.0.2 Released

Changelog for previous release (Thunderbird 1.5) | Changelogs for other releases

Make a donation to the upkeep of The Rumbling Edge.

Released on 21 Apr 06, and this changelog was last updated on 23 Apr 06.

Mozilla Thunderbird 1.5.0.2 has been released. Release notes are available. This post lists the improvements in Thunderbird 1.5.0.2 over the previous release 1.5. This list encompasses almost every single known fix that went into this release. There has been some additional work to improve Thunderbird’s performance on new Intel Macs as well, although there will not be a universal binary, scheduled for the next 1.5.0.3 release instead. In other words, there is no native support for users of Macintosh with Intel processors. Users may run Thunderbird 1.5.0.2 under Rosetta.

The Gecko 1.8.0.x branch (Thunderbird 1.5.0.x series) will only bring stability and security bug fixes. As such, no new features will be added. To synchronize the version numbering with Firefox, the 1.5.0.1 numbering was dropped in favour of 1.5.0.2.

Impact key for security issues listed on the Mozilla Foundation Security Advisories webpage:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have “High” impact because those are generally used to steal sensitive data intended for other sites.)

Changes in 1.5.0.2: (77)

Security issues: (15)

  • Fixed: 319858 – JavaScript execution in mail when forwarding in-line (Critical)
  • Fixed: 325991, 328469 – Privilege escalation through Print Preview (Critical)
  • Fixed: 282105, 315254, 320459, 326615, 326834, 327941, 328509 – Crashes with evidence of memory corruption (rv:1.8.0.2) (Moderate)
  • Fixed: 316885, 322045 – JavaScript garbage-collection hazards (Moderate)
  • Fixed: 317934 – Changing postion:relative to static corrupts memory (Moderate)
  • Fixed: 319296 – Memory corruption via QueryInterface on Location, Navigator objects (Moderate)
  • Fixed: 319847 – Localstore.rdf XML injection through XULDocument.persist() (Moderate)
  • Fixed: 319872, 322215 – Integer overflows in E4X, SVG, and Canvas (Moderate)
  • Fixed: 323501 – Security check of js_ValueToFunctionObject() can be circumvented (Moderate)
  • Fixed: 325403, ZDI-06-010 – CSS Letter-Spacing Heap Overflow Vulnerability (Moderate)
  • Fixed: 327126 – Privilege escalation using crypto.generateCRMFRequest (Moderate)
  • Fixed: 328937, ZDI-06-011 – Table Rebuilding Code Execution Vulnerability (Moderate)
  • Fixed: 320375 – Read beyond buffer while parsing XML (Low)
  • Fixed: 322312 –  “AnyName” entrainment and access control hazard20459 (Low)
  • Fixed: 328917 – Mail Multiple Information Disclosure (Low)

Crashes: (8)

  • Fixed: 306067 – null pointer dereference crash
  • Fixed: 317420 – Firefox 1.5RC3 crashes when trying to print a page
  • Fixed: 319210 – crash [@ plc4.dll + (00001ae2)] on mail send (using SSL connection to SMTP)
  • Fixed: 321495 – Thunderbird 1.5rc1 and 1.5rc2 hangs with 945 messages in a POP account
  • Fixed: 323131 – crash after saving all attachments [@ nsMessenger::SaveAllAttachments]
  • Fixed: 328187 – crash at IMAP login with GSSAPI authentication using SSPI library
  • Fixed: 322273 – Crash at [@ nsMsgQuickSearchDBView::ListIdsInThread]
  • Fixed: 322283 – Crash after filter operation with a missing destination folder

Build configuration: (6)

  • Fixed: 307311 – Allow client.mk to build xulrunner + multiple apps in one sweep
  • Fixed: 316177 – command-line options for “-compose” broken
  • Fixed: 316674 – compare-locales should support reasonable numbers of ordered search
  • Fixed: 321791 – mailViews.dat should be in mail.xpi
  • Fixed: 323997 – TARGET_XPCOM_ABI not set in AIX builds
  • Fixed: 329047 – 1.5.0.2 nightlies ABI incompabilities with 1.5

Functionality: (9)

  • Fixed: 180849 – Mail loss in import of NC4 mail when 0x5C(\) is used as 2nd byte of muti-byte character in folder name.
  • Fixed: 307052 – Spellchecker doesn’t display suggestion list for misspelled words if Russian Spell dictionary is installed
  • Fixed: 307527 – Connection timeout with IMAP on dual core systems
  • Fixed: 315625 – When forwarding a message inline, Thunderbird strips inline-images
  • Fixed: 316812 – When address book name is Japanese character, address book is lost when new address book is created
  • Fixed: 317009 – Thunderbird incorrectly decodes =00 in quoted-printable attachments as 0x20, not NULL
  • Fixed: 323318 – When the attachment file name is separated, should append semi-colon(‘;’)
  • Fixed: 323608 – ldap schema’s use of displayName has changed since Thunderbird 1.0x
  • Fixed: 326280 – Suppression of append-domain autocompletion not working

RSS: (4)

  • Fixed: 312008 – RSS feeds stop loading after connection errors
  • Fixed: 315600 – Hangs while validating feed (rdf)
  • Fixed: 320818 – broken parsing on CDATA sections
  • Fixed: 320967 – ‘content:encoded’ field ignored in RSS2 feed parsing

Toolkit: (9)

  • Fixed: 298960 – -remote can no longer handle commas or quotes
  • Fixed: 302099 – How do embedders embed libxul?
  • Fixed: 315434 – Security error with remote <xul:tabbox>: can’t switch tabs if chrome has focus
  • Fixed: 317568 – Stub executable opens console window
  • Fixed: 319410 – textbox element loses content upon resize with direction:rtl and flex
  • Fixed: 320449 – Make properties of GRE_GetGREPathWithProperties useful
  • Fixed: 322354 – libxul always links against X11
  • Fixed: 326772 – compatibility.ini should include TARGET_OS_ABI
  • Fixed: 328505 – [Linux-only] –install-app fails on Linux for packages without a vendor

UI improvements: (6)

  • Fixed: 183394 – sometimes when you delete a message, the focus gets lost instead of going to the next message
  • Fixed: 184811 – addressingwidget appears as sunken, not as button
  • Fixed: 299343 – Can’t copy and paste into the beginning of a line
  • Fixed: 315057 – Display – Fonts tab: The pull-down menu of Character Encodings doesn’t work.
  • Fixed: 320185 – It’s impossible to delete or detach attachment via File Menu
  • Fixed: 326846 – read mail not marked as read

Miscellaneous fixes: (4)

  • Fixed: 320117 – Syntax Error in chrome://editor/content/EdInsertTOC.js
  • Fixed: 322172 – bump copyright year to 2006
  • Fixed: 322994 – Remove palm related files in the installer
  • Fixed: 326128 – Thunderbird 1.5.0.2 – Update build and branch values

Mac-specific: (4)

  • Fixed: 308294 – Thunderbird tinderbox (bg l10n) fails in “$(ZIP) -r9D $(LANGPACK_FILE) install.rdf chrome chrome.manifest”
  • Fixed: 309210 – makexpi.pl only looks for *.so when stripping
  • Fixed: 325410 – Mac builds not packaging .chk files
  • Fixed: 327108 – Cannot save copies to Sent folder. Selections in Copies & Folders are not retained(IMAP)

Intel Mac-related: (9)

  • Fixed: 302212 – Mac OS X x86 builds can’t target SDKs
  • Fixed: 322578 – Support ppc<->x86 cross builds for Mac OS X
  • Fixed: 324855 – Need a script to produce universal binary .app from cpu-specific bits
  • Fixed: 327823 – Support configurable preflight/postflight actions in client.mk
  • Fixed: 327848 – Drive the Mac universal build process entirely in-tree
  • Fixed: 328081 – Support unification of bdate for multi-project builds
  • Fixed: 328391 – .mar generation should package universal build when the build is universal
  • Fixed: 328596 – Difficult to “Open using Rosetta” due to self-relaunching
  • Fixed: 330890 – unify does not preserve the execute bit

Sun-specific: (2)

  • Fixed: 312154 – Start script does not take care of running instance
  • Fixed: 314018 – Error in configure(.in): Sun CXX (CC) compiler defiens __SUNPRO_CC and not __SUNPRO_C

AIX-specific: (1)

  • Fixed: 323997 – TARGET_XPCOM_ABI not set in AIX builds

Windows builds Official Windows installer

Linux builds Official Linux (i686)

Mac builds Official Mac