thunderbird-38.5.0

[Fernando de Oliveira]

This is a Security Release

​https://ftp.mozilla.org/pub/thunderbird/releases/38.5.0/source/thunderbird-38.5.0.source.tar.bz2

​https://ftp.mozilla.org/pub/thunderbird/releases/38.5.0/SHA512SUMS

fed8376375c3ad7df8b773ced7944fb07edbd28e82c907dc6451ad538b8944d6f2a1d5632399f255ab1c7f74a40a9170912fefdbb2fdf423d7dc35108d1baa65 source/thunderbird-38.5.0.source.tar.bz2

​https://ftp.mozilla.org/pub/thunderbird/releases/38.5.0/SHA512SUMS.asc

​https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5

Security Advisories for Thunderbird

[Edited]

Fixed in Thunderbird 38.5

    Critical
    2015-149 Cross-site reading attack through data and view-source URIs
    2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)

    High
    2015-146 Integer overflow in MP4 playback in 64-bit versions
    2015-145 Underflow through code inspection
    2015-139 Integer overflow allocating extremely large textures

But apparently it is based on Firefox ESR 38.5, after what happened in previous version:

​https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.5

Security Advisories for Firefox ESR
Impact key

Fixed in Firefox ESR 38.5

    Critical
     • 2015-149 Cross-site reading attack through data and view-source
       URIs
     • 2015-138 Use-after-free in WebRTC when datachannel is used after
       being destroyed
     • 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)

    High
     • 2015-147 Integer underflow and buffer overflow processing MP4
       metadata in libstagefright
     • 2015-146 Integer overflow in MP4 playback in 64-bit versions
     • 2015-145 Underflow through code inspection
     • 2015-139 Integer overflow allocating extremely large textures

    Moderate

    Low

​https://www.mozilla.org/en-US/thunderbird/38.5.0/releasenotes/

Not available.

[Fernando de Oliveira]

Fixed at r16752.