MozillaZine

You guys heard of Mailsploit? Thunderbird is vulnerable.

Discussion of general topics about Mozilla Thunderbird
Sabin

User avatar
 
Posts: 95
Joined: November 9th, 2004, 2:35 pm

Post Posted December 5th, 2017, 2:21 am

Hello there,

I thought the information would be relevant, you may want to hear about that.

Long story short, a security researcher has discovered a series of flaws in most of the mail clients that allow to perfectly spoof the sender email address, and the mail client won't realize he is lied to.
Thunderbird is part of the affected clients and - worst of all - it seems the developers have no intention of fixing the issue, with a "not our problem" irresponsible attitude. (Yeah, I call it irresponsible: they could do something to prevent it, doesn't matter that it's not their fault, but from what I've read, currently, they refuse to.)

Check it out: https://www.mailsploit.com/

Once in there, you can click to demo the effect, and in the dropdown list select "Thunderbird".

Here's to hoping it gets fixed eventually. Until then, be wary of emails that look too promising or worrying :)

DanRaisch
Moderator

User avatar
 
Posts: 120595
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted December 5th, 2017, 5:41 am

Until then, be wary of emails that look too promising or worrying


While Mailspoilt is definitely an issue about which to be concerned, that caution has been appropriate since emails were "invented" and applies to any sort of communication, not just email. Users have to consider the content of messages and not just the purported sender.

tomdkat
 
Posts: 1309
Joined: October 14th, 2003, 7:53 am

Post Posted December 20th, 2017, 8:14 am

According to the list of vendors affected by Mailsploit on the Mailsploit site, Thunderbird 52.5.0 isn't affected because a patch was released. So, users of the latest version of Thunderbird should be good. :)

Peace...

wsmwk
 
Posts: 2538
Joined: December 7th, 2004, 6:52 am

Post Posted December 22nd, 2017, 6:41 am

DanRaisch wrote:
Until then, be wary of emails that look too promising or worrying


While Mailspoilt is definitely an issue about which to be concerned, that caution has been appropriate since emails were "invented" and applies to any sort of communication, not just email. Users have to consider the content of messages and not just the purported sender.

100% on the mark ^^.

An edge case of this has just been fixed in Thunderbird 52.5.2 https://www.mozilla.org/thunderbird/52.5.2/releasenotes/ where an email address could be obscured by a null character

Return to Thunderbird General


Who is online

Users browsing this forum: No registered users and 1 guest