JARVIS
Der kostenlose Mailclient für Windows, MacOS und Linux, Thunderbird, erhielt das Update 102.3.1. Das Update behebt 4 Fehler, führt 2 Änderungen durch und schließt 4 Sicherheitslücken.
Thunderbird 102.3.1 Security Notes
#CVE-2022-39249: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators
ReporterMartin R. Albrecht and Dan Jones from the Information Security Group at Royal Holloway University London, Benjamin Dowling from Security of Advanced Systems Group, University of Sheffield and Sofía Celi from Brave SoftwareImpacthigh
Description
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server.
References
#CVE-2022-39250: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack
ReporterMartin R. Albrecht and Dan Jones from the Information Security Group at Royal Holloway University London, Benjamin Dowling from Security of Advanced Systems Group, University of Sheffield and Sofía Celi from Brave SoftwareImpacthigh
Description
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device.
References
#CVE-2022-39251: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack
ReporterMartin R. Albrecht and Dan Jones from the Information Security Group at Royal Holloway University London, Benjamin Dowling from Security of Advanced Systems Group, University of Sheffield and Sofía Celi from Brave SoftwareImpacthigh
Description
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. An adversary could spoof historical messages from other users. Additionally, a malicious key backup to the user’s account under certain unusual conditions in order to exfiltrate message keys.
References
#CVE-2022-39236: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue
ReporterNoneImpactmoderate
Description
Thunderbird users who use the Matrix chat protocol were vulnerable to a data corruption issue. An adversary could potentially cause data integrity issues by sending specially crafted messages.
References
Thunderbird 102.3.1 Changes
- Compose window encryption options now only appear for encryption technologies that have already been configured
- Number of contacts in currently selected address book now displayed at bottom of Address Book list column
Thunderbird 102.3.1 Fixes
- Password prompt did not include server hostname for POP servers
Edit Contactwas missing from Contacts sidebar context menus- Address Book contact lists cut off display of some characters, the result being unreadable
- Menu items for dark-themed alarm dialog were invisible on Windows 7
Quelle: Thunderbird — Release Notes (102.3.1) — Thunderbird
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.