SillyDog701

[profman]

Thunderbird 2.0.0.24 is now out.

Thunderbird Release Notes

Here is a list of the security fixes for 2.0.0.24 along with a link for the listing.

Fixed in Thunderbird 2.0.0.24
MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-49 TreeColumns dangling pointer vulnerability

Fixed in Thunderbird 2.0.0.24

There is a mozilla wiki section on 2.0.0.24 that discusses bugs.

mozilla wiki: Releases/Thunderbird 2.0.0.24

This 2.0.0.24 update is being offered to me via Thunderbird's "Software Update" feature. I will be installing it right after this post. You may, unless I post otherwise, assume that the upgrade went without a hitch.

I plan on sticking with the 2.0.0.x branch until the 3.x branch appears a bit more "problem free."

[Edited to reflect appearance of the security fixes. profman 3/18/2010]

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 GTB6 (.NET CLR 3.5.30729)

[Fulvio]

Thank you for info. I am, actually, using 2.0.0.25pre nightly, which has exibited one problem, reported by others. I am using AVG as antivirus, and it, routinely, flags a "xpicleanup.exe" file, found the profile, as trojan. I think that it is a false positive, and if not appearing in 2.0.024, I may try it.
As for 3.x, there is a lot of discontent, but the developers don't seem to read, even their own message board.
And, 3.1pre is even worse, as it does not download messages, automatically. What, if anything, is in the minds of the developers?

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6