LANDesk Patch News Bulletin: Mozilla has Released Thunderbird ESR Version 10.0.8 10-OCT-2012

Version 1

    LANDesk Security and Patch News



    • (October 10, 2012) Mozilla has released one update Thunderbird ESR 10.0.8. The following issues are resolved in this release:

    MFSA 2012-87 Use-after-free in the IME State Manager

    MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer

    MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer

    MFSA 2012-84 Spoofing and script injection through location.hash

    MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties

    MFSA 2012-82 top object and location property accessible by plugins

    MFSA 2012-81 GetProperty function can bypass security checks

    MFSA 2012-79 DOS and crash with full screen and history navigation

    MFSA 2012-77 Some DOMWindowUtils methods bypass security checks

    MFSA 2012-74 Miscellaneous memory safety hazards



    New Vulnerabilities

    • Vulnerability ID – THUNDERBIRDESRv10.0.8_ENU


    Changed Vulnerabilities

    • Vulnerability ID – THUNDERBIRDESRv10.0.7_ENU (Added the replacement information.)



    New Patch Downloads

    • thunderbird setup 10.0.8esr_enu.exe


    Where to Send Feedback

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.


    Best regards,

    LANDesk Product Support


    Copyright © 2012 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.


    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit