
Der kostenlose Mailclient Thunderbird, den es für Linux, Windows und macOS gibt, erhielt das Update 102.7.1. Das Update schließt 1 Sicherheitslücken und behebt diverse Fehler. Unter den Fehlern ist ein Fix aus der vorherigen Version in der Verbindung mit Office 365 Accounts nicht mögilch war.
Thunderbird 102.7.1 Security Fix
#CVE-2023-0430: Revocation status of S/Mime signature certificates was not checked
Reporter: Paul Menzel
Impact: high
Description
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug.
References
Thunderbird 102.7.1 Release Notes
FIXED
- Microsoft Office 365 accounts were unable to authenticate
- Switching identities caused remote images in HTML signatures to not be shown
- Thunderbird failed to import vCards that contained “\r\r\n” line endings
- Contribution button for add-ons opened Contribution page in a Thunderbird tab, instead of the external browser
- XMPP did not respond to unrecognized IQ queries, causing some servers to close the connection
- Window titlebar buttons (minimize/maximize/close) were not displayed in Windows 10 “Dark” color mode