Hello there,
I thought the information would be relevant; you may want to hear about it.
Long story short, a security researcher has discovered a series of flaws in most mail clients that allow the sender email address to be perfectly spoofed, and the mail client won't realize it is being lied to.
Thunderbird is part of the affected clients and - worst of all - it seems the developers have no intention of fixing the issue, with a "not our problem" irresponsible attitude. (Yeah, I call it irresponsible: they could do something to prevent it, doesn't matter that it's not their fault, but from what I've read, currently, they refuse to.)
Check it out: https://www.mailsploit.com/
Once in there, you can click to demo the effect, and in the dropdown list select "Thunderbird".
Here's to hoping it gets fixed eventually. Until then, be wary of emails that look too promising or worrying.
You guys heard of Mailsploit? Thunderbird is vulnerable.
- Sabin
- Posts: 111
- Joined: November 9th, 2004, 2:35 pm
- DanRaisch
- Moderator
- Posts: 127188
- Joined: September 23rd, 2004, 8:57 pm
- Location: Somewhere on the right coast
Re: You guys heard of Mailsploit? Thunderbird is vulnerable.
Quote: "Until then, be wary of emails that look too promising or worrying"
While Mailsploit is definitely an issue about which to be concerned, that caution has been appropriate since emails were "invented" and applies to any sort of communication, not just email. Users have to consider the content of messages and not just the purported sender.
-
- Posts: 1410
- Joined: October 14th, 2003, 7:53 am
Re: You guys heard of Mailsploit? Thunderbird is vulnerable.
According to the list of vendors affected by Mailsploit on the Mailsploit site, Thunderbird 52.5.0 isn't affected because a patch was released. So, users of the latest version of Thunderbird should be good.
Peace...
-
- Posts: 2833
- Joined: December 7th, 2004, 6:52 am
- Contact:
Re: You guys heard of Mailsploit? Thunderbird is vulnerable.
DanRaisch wrote:
Quote: "Until then, be wary of emails that look too promising or worrying"
While Mailsploit is definitely an issue about which to be concerned, that caution has been appropriate since emails were "invented" and applies to any sort of communication, not just email. Users have to consider the content of messages and not just the purported sender.
100% on the mark ^^.
An edge case of this has just been fixed in Thunderbird 52.5.2 (https://www.mozilla.org/thunderbird/52. ... easenotes/), where an email address could be obscured by a null character.