Thunderbird 1.5.0.13 Released

Changelog for previous release (Thunderbird 1.5.0.12) | Changelogs for other Thunderbird releases

Make a donation to the upkeep of The Rumbling Edge.

Released on 23 Aug 07, and this changelog was last updated on 11 Oct 07.

Mozilla Thunderbird 1.5.0.13 has been released. Release notes are available. This post lists the improvements in Thunderbird 1.5.0.13 over 1.5.0.12. This list encompasses almost every single known fix that went into this release. Do check out the known issues as well.

The Gecko 1.8.0.x branch (Thunderbird 1.5.0.x series) will only bring stability and security bug fixes. As such, no new features will be added.

Impact key for security issues listed on the Mozilla Foundation Security Advisories webpage:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

Changes in 1.5.0.13: (8)

Security issues: (6)

  • Fixed: MFSA 2007-27 – Unescaped URIs passed to external programs (Critical)
  • Fixed: MFSA 2007-23 – Remote code execution by launching Firefox from Internet Explorer (Critical)
  • Fixed: MFSA 2007-18 – Crashes with evidence of memory corruption (rv:1.8.1.5) (Critical)
  • Fixed: MFSA 2007-26 – Privilege escalation through chrome-loaded about:blank windows (Moderate)
  • Fixed: 387403 – Thunderbird eat memory until crash when opening e-mail with broken vcard
  • Fixed: 389613 – back-port -osint logic from bug 384384 to 1.8.0 branch

Functionality: (1)

  • Fixed: 323373 – fails to import all SMTP servers from mozilla suite/netscape 7.2

XULRunner: (1)

  • Fixed: 380398 – appversion manifest flag is broken in certain situations

Windows builds Official Windows installer

Linux builds Official Linux (i686)

Mac builds Official Mac (Universal binary)