Thunderbird 2.0.0.22 Released

Changelog for previous release (Thunderbird 2.0.0.21) | Changelogs for other Thunderbird releases

Released on 22 Jun 09, and this changelog was last updated on 23 Jun 09.

Mozilla Thunderbird 2.0.0.22 has been released. Release notes are available. This post lists the improvements in Thunderbird 2.0.0.22 over 2.0.0.21. This list encompasses almost every single known fix that went into this release. Do check out the known issues as well.

The Gecko 1.8.1.x branch (Thunderbird 2.0.0.x series) will not include any features that Gecko 1.9.x will bring, since it is based on Gecko 1.8.

Impact key for security issues listed on the Mozilla Foundation Security Advisories webpage:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have “High” impact because those are generally used to steal sensitive data intended for other sites.)

Changes in 2.0.0.22: (11)

Security issues: (7)

  • Fixed: MFSA 2009-33 – Crash viewing multipart/alternative message with text/enhanced part (High)
  • Fixed: MFSA 2009-14 – Crashes with evidence of memory corruption (rv:1.9.0.9) (Moderate)
  • Fixed: MFSA 2009-24 – Crashes with evidence of memory corruption (rv:1.9.0.11) (Moderate)
  • Fixed: MFSA 2009-29 – Arbitrary code execution using event listeners attached to an element whose owner document is null (Moderate)
  • Fixed: MFSA 2009-32 – JavaScript chrome privilege escalation (Moderate)
  • Fixed: MFSA 2009-17 – Same-origin violations when Adobe Flash loaded via view-source: scheme (Low)
  • Fixed: MFSA 2009-27 – SSL tampering via non-200 responses to proxy CONNECT requests (Low)

Other fixes: (4)

  • Fixed: 249754 - Unable to open all mail folders when there are large number of mail folders, after compact
  • Fixed: 412434 - opening a window with -chrome does not work anymore
  • Fixed: 452162 - Lessen the number of cases where a restart is required on application update (mozMapi32.dll and MapiProxy.dll)
  • Fixed: 494718 - Need to add individual .xpts to removed-files.in for Linux

Windows builds Official Windows installer

Linux builds Official Linux (i686)

Mac builds Official Mac (Universal binary)