Did You Know?



Reply
Community Leader
Jasper_The_Rasper
Posts: 1,071
Registered: ‎06-12-2013

Flaw in Thunderbird bypasses Firefox 'Torified' security and privacy defenses

Do you use the free email client Thunderbird? Do you also use Tor? If so, then there's been a security flaw awaiting a fix from Mozilla for over two years; now the bug has been publicly disclosed.Thunderbird security bug Mike Cardwell, a developer, IT consultant, sysadmin and security researcher in the UK, informed the Tor-talk mailing list about a security issue in the Thunderbird app.Thunderbird logo

Normally, when you click on a link in email, the link opens in your default web browser. Hopefully, you've all but weaponized your browser with extensions and addons to better protect your privacy and security. If you are using Tor, then you're going to a bit more trouble to protect yourself and you don't want your defenses bypassed. However, when blogging more details about the security leak in Thunderbird, Cardwell  explained: "I've discovered a way of crafting a link such that when you're using Thunderbird and you click on that link, it opens the website in a new Thunderbird tab instead of in the external web browser."

 

In Cardwell's case, his "browser of choice is Firefox." He wrote:

    "I have made various configuration changes and installed various addons in Firefox to enhance my security and privacy. Amongst other things, I use RequestPolicy, NoScript, RefControl, AdBlock, CipherFox, HTTPS-Everywhere, I have proxy settings and sometimes I use Tor. If a link opens in a Thunderbird tab instead of a Firefox tab, all of those defenses are bypassed.

    Secondly, when the external website opens in a Thunderbird tab, there is no identifying chrome around the page which would allow the user to differentiate between a tab containing any other part of the Thunderbird interface and a malicious site which is spoofing part of the Thunderbird interface."

 

Full Article

Community Leader

Please use plain text.
DavidP1970
Posts: 3,166
Kudos: 1,604
Registered: ‎10-28-2012

Re: Flaw in Thunderbird bypasses Firefox 'Torified' security and privacy defenses

A flaw that has been known for 2 years and still not fixed?!  That is not exactly reassuring about that mail client....



      

New to the Community? Register now and start posting!



Helpful Webroot Links:


Download (PC)   Download (Best Buy Subscription)   Submit Trouble Ticket   Account Console   User Guides   



"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"
WSA-Complete (Beta Tester), Toshiba Satellite L305, Intel Pentium Dual CPU at 1.87 GHz, 3 GB RAM With Windows 7 (x86) (Yes its old.. but it still usually works! : )
Please use plain text.
Community Leader
Jasper_The_Rasper
Posts: 1,071
Registered: ‎06-12-2013

Re: Flaw in Thunderbird bypasses Firefox 'Torified' security and privacy defenses

I agree. I know some flaws can take a bit of time but 2 years is ridiculous.

Community Leader

Please use plain text.