Thunderbird 2.0.0.24 Released

Changelog for previous release (Thunderbird 2.0.0.23) | Changelogs for other Thunderbird releases

Released on 16 Mar 10, and this changelog was last updated on 19 Mar 10.

Mozilla Thunderbird 2.0.0.24 has been released. Release notes are available. This post lists the improvements in Thunderbird 2.0.0.24 over 2.0.0.23. This list encompasses almost every single known fix that went into this release. Do check out the known issues as well.

The Gecko 1.8.1.x branch (Thunderbird 2.0.0.x series) will not include any features that Gecko 1.9.x will bring, since it is based on Gecko 1.8.

This is the last planned security and stability release for Thunderbird 2.0.0.24.

Impact key for security issues listed on the Mozilla Foundation Security Advisories webpage:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have “High” impact because those are generally used to steal sensitive data intended for other sites.)

Changes in 2.0.0.24: (13)

Security issue: (5)

  • Fixed: MFSA 2009-49 – TreeColumns dangling pointer vulnerability (Critical)
  • Fixed: MFSA 2009-59 – Heap buffer overflow in string to number conversion (Critical)
  • Fixed: MFSA 2010-07 – Fixes for potentially exploitable crashes ported to the legacy branch (Critical)
  • Fixed: MFSA 2009-68 – NTLM reflection vulnerability (High)
  • Fixed: MFSA 2009-62 – Download filename spoofing with RTL override (Low)

Other fixes: (8)

  • Fixed: 284876 – Trunk TB10 crash while sending mail [@ nsMsgLocalMailFolder::WriteStartOfNewMessage() ]
  • Fixed: 305168 – Too many recipients when copy/paste address line or sending from MS Access (increase max to 2000)
  • Fixed: 376192 – Thunderbird crashes immediately upon accessing IMAP server (duplicate entries in .mailboxlist) [@ nsImapServerResponseParser::mailbox] – imap protocol log “Internal Syntax Error
  • Fixed: 387502 – Mailboxes are allowed to grow larger than 4gb in size
  • Fixed: 440236 – crash after connection lost [@ nsMsgDatabase::GetTableCreateIfMissing(char const*, char const*, nsIMdbTable**, unsigned int&, unsigned int&)], in v2 [@ nsMsgDatabase::GetTableCreateIfMissing]
  • Fixed: 494706 – [1.8 branch only] Thunderbird creates 4 GB Trash file out of less than 200 kB of deleted mail (If data write to file for “target folder of mail move/copy” is temporary interfered by other software, Tb 2 generates file of file_size=4GB-1)
  • Fixed: 536129 – Update mail/ copyright dates to 2010
  • Fixed: 536667 – Thunderbird 2 app.update.url needs updating to supply OS version information to aus

Windows builds Official Windows installer

Linux builds Official Linux (i686)

Mac builds Official Mac (Universal binary)