You guys heard of Mailsploit? Thunderbird is vulnerable.

Discussion of general topics about Mozilla Thunderbird
Post Reply
User avatar
Sabin
Posts: 111
Joined: November 9th, 2004, 2:35 pm

You guys heard of Mailsploit? Thunderbird is vulnerable.

Post by Sabin »

Hello there,

I thought the information would be relevant, you may want to hear about that.

Long story short, a security researcher has discovered a series of flaws in most of the mail clients that allow to perfectly spoof the sender email address, and the mail client won't realize he is lied to.
Thunderbird is part of the affected clients and - worst of all - it seems the developers have no intention of fixing the issue, with a "not our problem" irresponsible attitude. (Yeah, I call it irresponsible: they could do something to prevent it, doesn't matter that it's not their fault, but from what I've read, currently, they refuse to.)

Check it out: https://www.mailsploit.com/

Once in there, you can click to demo the effect, and in the dropdown list select "Thunderbird".

Here's to hoping it gets fixed eventually. Until then, be wary of emails that look too promising or worrying :)
User avatar
DanRaisch
Moderator
Posts: 127188
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: You guys heard of Mailsploit? Thunderbird is vulnerable.

Post by DanRaisch »

Until then, be wary of emails that look too promising or worrying
While Mailspoilt is definitely an issue about which to be concerned, that caution has been appropriate since emails were "invented" and applies to any sort of communication, not just email. Users have to consider the content of messages and not just the purported sender.
tomdkat
Posts: 1410
Joined: October 14th, 2003, 7:53 am

Re: You guys heard of Mailsploit? Thunderbird is vulnerable.

Post by tomdkat »

According to the list of vendors affected by Mailsploit on the Mailsploit site, Thunderbird 52.5.0 isn't affected because a patch was released. So, users of the latest version of Thunderbird should be good. :)

Peace...
wsmwk
Posts: 2833
Joined: December 7th, 2004, 6:52 am
Contact:

Re: You guys heard of Mailsploit? Thunderbird is vulnerable.

Post by wsmwk »

DanRaisch wrote:
Until then, be wary of emails that look too promising or worrying
While Mailspoilt is definitely an issue about which to be concerned, that caution has been appropriate since emails were "invented" and applies to any sort of communication, not just email. Users have to consider the content of messages and not just the purported sender.
100% on the mark ^^.

An edge case of this has just been fixed in Thunderbird 52.5.2 https://www.mozilla.org/thunderbird/52. ... easenotes/ where an email address could be obscured by a null character
Post Reply