Mozilla Messaging has patched five bugs in its Thunderbird e-mail client to fix flaws that were disclosed more than a month ago.
Thunderbird 220.127.116.11 patches vulnerabilities in the Firefox engine, which the open-source e-mailer uses to render HTML. The same holes were closed in late March for the Mozilla Web browser.
Rather than delay updates to Firefox users -- who greatly outnumber those who use Thunderbird -- Mozilla instead decided not to wait until Thunderbird's fixes could be crafted.
Mozilla Messaging rated the vulnerabilities as "Moderate," the second level in its four-step threat-ranking system, even though they were originally labeled as "Critical" when patched in Firefox.
Thunderbird 18.104.22.168 can be downloaded from the Mozilla site in versions for Windows, Mac OS X and Linux. People running the e-mail client can call up its built-in updater or wait for the automatic update notification, which typically appears within 48 hours after a new version is added to Mozilla's servers.
Most of Mozilla Messaging attention is now on Thunderbird 3.0, which has yet to release in its first alpha version. The company has not committed to a release schedule for the e-mail client's next major upgrade.
Mozilla Messaging is a subsidiary of the nonprofit Mozilla Foundation, and was created last year as a companion to Mozilla Corp, which develops Firefox, after Mitchell Baker, then the CEO of Mozilla Corp., said her company would stop development because it needed to focus on its browser. Baker seeded Mozilla Messaging with US$3 million in start-up cash last September, and hired Ascher, who had led the Python projects at ActiveState Software, a programming tools developer in Vancouver, British Columbia.