Thunderbird 1.5.0.4 Released

Changelog for previous release (Thunderbird 1.5.0.2) | Changelogs for other releases

Make a donation to the upkeep of The Rumbling Edge.

Released on 01 Jun 06, and this changelog was last updated on 03 Jun 06.

Mozilla Thunderbird 1.5.0.4 has been released. Release notes are available. This post lists the improvements in Thunderbird 1.5.0.4 over 1.5.0.2. This list encompasses almost every single known fix that went into this release. Do check out the known issues as well.

The Gecko 1.8.0.x branch (Thunderbird 1.5.0.x series) will only bring stability and security bug fixes. As such, no new features will be added. To synchronize the version numbering with Firefox, the 1.5.0.3 numbering was dropped in favour of 1.5.0.4.

Universal binary support for Mac OS X which provides native support for Macintosh with Intel Core processors has been added with this release. However, it must be noted that if you are running Thunderbird 1.5 or Thunderbird 1.5.0.2 on Macintosh computers with Intel Core processors under Rosetta, you will get upgraded to a PowerPC-only, Firefox 1.5.0.4 product via the automated update system. You will need to download the Thunderbird 1.5.0.4 Universal binary build to take advantage of the native support for Intel-based Macintosh computers.

Impact key for security issues listed on the Mozilla Foundation Security Advisories webpage:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have “High” impact because those are generally used to steal sensitive data intended for other sites.)

Changes in 1.5.0.4: (31)

Security issues: (9)

  • Fixed: 334384 – Double-free on malformed VCard (Critical)
  • Fixed: 319263, 321101, 336313, 336601 – EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) (Moderate)
  • Fixed: 324918, 325730, 326501, 326931, 327712, 329219, 329982, 330818, 332971, 335535 – Fixes for potential memory corruption (Moderate)
  • Fixed: 329746, 330214 – HTTP response smuggling (Moderate)
  • Fixed: 329677 – Privilege escalation through XUL persist. (Moderate)
  • Fixed: 330773 – Remote compromise via content-defined setter on object prototypes (Moderate)
  • Fixed: 330897 – Buffer overflow in crypto.signText() (Moderate)
  • Fixed: 335816 – Web site XSS using BOM on UTF-8 pages (Moderate)
  • Fixed: 334341 – Using image tags with a non image file, and selected view image, file will still load up, allowing access to system resources

Topcrash: (1)

  • Fixed: 320927 – crash when checking pop3 mail

Crashes: (3)

  • Fixed: 301308 – Crash [@ nsMsgGroupView::~nsMsgGroupView]
  • Fixed: 329595 – Crash on marking mail as Junk (Local Folders)
  • Fixed: 332119 – IMAP folders: if sum of characters in foldernames to long TB crashes or loops when you access the last folder in chain.

Build configuration: (1)

  • Fixed: 324240 – Update OS/2 ReadMe files (newsgroup change, new libc)

Functionality: (4)

  • Fixed: 179056 – “Check for new message every” stops after hibernate
  • Fixed: 268746 – unable to reply, fwd, move or copy .eml opened from disk
  • Fixed: 322808 – Can not launch my own extension using the “-chrome” option.
  • Fixed: 329232 – saving drafts on UW-IMAPD server does not work with default configuration

Localization: (1)

  • Fixed: 314637 – Search Messages can’t find some words in ISO-2022-JP messages

Networking: (1)

  • Fixed: 312009 – IMAP capability flags remembered across capability responses

Printing: (1)

  • Fixed: 334944 – Firefox printing content of <noscript> tag

UI improvements: (2)

  • Fixed: 295956 – Editing message in drafts folder (with IMAP and multiple profiles) results in error.
  • Fixed: 298525 – Phishing State should take precedence over Junk State in the message bar

XPToolkit: (4)

  • Fixed: 325471 – Broken search for path to binary on linux in xulrunner-stub
  • Fixed: 326007 – Xulrunner fails to build using VS.NET 2003 (VC7.1)
  • Fixed: 332091 – Possibility to add “special” part to package names
  • Fixed: 332262 – “smime3.dll not found” error dialog w/ XULRunner embedded in Eclipse

Mac-specific: (4)

  • Fixed: 327037 – Newsgroup names over-abbreviated on UB Mac
  • Fixed: 329796 – [Affects Linux too] Can’t debug XForms on Mac OS X
  • Fixed: 331676 – Crash on search in threaded mode
  • Fixed: 336506 – Bump Thunderbird version to 1.5.0.4

Windows builds Official Windows installer

Linux builds Official Linux (i686)

Mac builds Official Mac (Universal binary)