LANDesk Patch News Bulletin: Mozilla has Released Thunderbird ESR Version 17.0.2 10-JAN-2013

Version 1

    LANDesk Security and Patch News



    • (January 10, 2013) Mozilla has released Thunderbird ESR version 17.0.2. The following issues are fixed in this release of Thunderbird ESR 17.0.2:

    MFSA 2013-20 Mis-issued TURKTRUST certificates

    MFSA 2013-19 Use-after-free in Javascript Proxy objects

    MFSA 2013-18 Use-after-free in Vibrate

    MFSA 2013-17 Use-after-free in ListenerManager

    MFSA 2013-16 Use-after-free in serializeToStream

    MFSA 2013-15 Privilege escalation through plugin objects

    MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype

    MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG

    MFSA 2013-12 Buffer overflow in Javascript string concatenation

    MFSA 2013-11 Address space layout leaked in XBL objects

    MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy

    MFSA 2013-09 Compartment mismatch with quickstubs returned values

    MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection

    MFSA 2013-07 Crash due to handling of SSL on threads

    MFSA 2013-05 Use-after-free when displaying table with many columns and column groups

    MFSA 2013-04 URL spoofing in addressbar during page loads

    MFSA 2013-03 Buffer Overflow in Canvas

    MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer

    MFSA 2013-01 Miscellaneous memory safety hazards



    New Vulnerabilities

    • Vulnerability ID – THUNDERBIRDESRv17.0.2_ENU


    Changed Vulnerabilities

    • Vulnerability ID – THUNDERBIRDESRv17.0_ENU (Added the replacement information.)



    New Patch Downloads

    • thunderbird setup 17.0.2esr_enu.exe


    Where to Send Feedback

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.


    Best regards,

    LANDesk Product Support


    Copyright © 2013 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.


    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit