Mozilla Firefox 10.0.2, Thunderbird 10.0.2 Released

Mozilla has just released Firefox 10.0.2 to the public, the third release in less than a month’s time (you can read up on Firefox 10 and Firefox 10.0.1 by following the posted links). The previous update fixed several crash related issues that affected a high number of Firefox users.

Firefox 10.0.2 is a security update that is resolving one critical security vulnerability in the browser. The vulnerability could allow attackers to cause a crash and potentially exploit the issue. Affected by the vulnerability are both Firefox 10.0.1 and 10.0.1 ESR, as well as Thunderbird 10.0.1 and 10.0.1 ESR, and SeaMonkey 2.7.1.

The developers have implemented additional changes and improvements into the new Firefox version. Firefox is now supporting Anti-Aliasing for WebGL and accelerated layers via OpenGL ES. The bdi element for bi-direction text isolation with supporting CSS properties has been added in the release as well.

The only other changes are a fix for a rare issue where the browser would not load web pages or close tabs anymore, and a new Set Up Sync menu entry in the Firefox home menu.

Existing Firefox 10.x users should see update notifications in their web browser. A click on Firefox > Help > About Firefox opens a screen where update checks can be performed manually. Here you also see the current version of the web browser.

New users can download the latest stable version of Firefox from the official website. You can open the release notes here to take a look at the changes and known issues. All known issues seem to affect the Firefox mobile browser Fennec for the Android operating system only.

Minor updates like these should not cause any problems for existing Firefox installations.

Thunderbird users can download the latest version of their email client from the Thunderbird website. Existing Thunderbird users should receive update notifications in the client by now. Only the security issue was fixed in the email client.

Thunderbird to get Dropbox and File Hosting Integration

When it comes to sending files to other people, Internet users have a lot of options at their hand. From uploading them to ftp servers or file sharing sites to sending them per email or using a direct transfer client. All are either difficulty to set up for users who are not that tech-savvy, or not reliable enough to trust them with important documents or files.

When you look at email, you will notice that the biggest thing holding it back in this regard is the attachment size limitation per email. These limits are usually in the 20 to 25 Megabyte range, and to make matters worse, selected by the email provider which means that different providers may have different attachment limits.

Microsoft found a way around this by using their online file hosting and management service SkyDrive for this. Users simply upload larger files directly to their SkyDrive account from where they can be downloaded by the email’s recipients. This method offers several advantages, from the ability to upload very large files without having to worry about bouncing emails to being able to replace the files online if necessary without resending them to the recipients.

The Thunderbird team over at Mozilla plans to integrate a similar feature into Thunderbird 13. According to the Big Files feature entry at the official wiki site, the team aims to resolve several attachment related issues with the integration:

• offer a way to easily share very large files through email
• reduce ‘file too big’ bounce email situations
• encourage file sharing over copying
• save recipients inbox space and eliminate file duplication for multiple recipients
• increase attachment sending and receiving speed

The idea is to scan the attachment file size and warn the user that it may bounce because of its size. The email client would then offer the user to use online storage services instead of an attachment. The developers furthermore want to include an option to detach attachments to the cloud instead of local storage.

Not every user has an account at one of the supported services, which is why the developers aim to include an on-the-fly signup option directly in the email client. The developers want Thunderbird to detect file hosting quote issues in the browser, to avoid situations where a file would go over the allowed quote. The idea is to display multiple solutions, from deleting files to signing up for a premium service.

The following services have been mentioned in the document as potential services that the developers want to implement into Thunderbird:

• File storage services: YouSendIt, Box.net, DropBox, Ubuntu One, Amazon Cloud Drive
• Document management platforms: Google Docs, MS SkyDrive
• Enterprise services: MS Sharepoint
• Others: FTP, network drives

The team status notes indicate that the developers are currently working on the Dropbox integration in Thunderbird with other services likely to follow later in the development phase.

The idea to integrate file storage services, document management platforms and other services could give the email client a much needed boost. What’s your take on the integration? (thanks to Sören Hentschel for mentioning it casually on Google+)

Thunderbird 10.0.1 Update Released

Mozilla has just released an update to the Thunderbird email client, shortly after releasing a similar update for the Firefox web browser that brought the version to 10.0.1. Thunderbird 10.0.1 is a stability and security release, and as thus a recommended update for all users of the messaging software.

The update is already available, and Thunderbird users can either download it from the official developer website or use their client’s internal updater to download and apply it. A click on Help > About Thunderbird performs the update check and displays the current version of the program in a small window.

Lets take a look at the changes in Thunderbird 10.0.1.

The security advisory page over at Mozilla offers details on the issue that has been fixed in the update. It affected not only the email client, but also Thunderbird and SeaMonkey as well.

Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.

The change log lists several fixes to improve stability without going into further detail on the subject. Sören Hentzschel mentioned a crash in the client’s importer when importing mails from Microsoft Outlook.

The release of Thunderbird 10.0.1 comes less than two weeks after the last update that moved the version of the email client to 10. Thunderbird 10 introduced a new right-click search option to search directly from within Thunderbird. Results are either displayed directly in Thunderbird in new tabs, or in the default web browser whichever is preferred.

Other changes include new keyboard shortcuts and an extension compatibility change that should reduce the issues that Thunderbird users have in this regard.

Email Client Thunderbird 10 Released

Regular readers know that Mozilla has synchronized the release schedules for both the Firefox web browser and the Thunderbird email client. Both applications share the same rapid release process, and both are usually updated at the same day.

Mozilla today, after releasing Firefox 10, has also released Thunderbird 10, a new version of the email software.

Thunderbird too is now flagging add-ons as compatible by default. Add-ons ship with minimum and maximum version compatibility information. The issue previously was that add-ons were flagged as incompatible if the author failed to update the version information in time. This made it difficulty for developers to keep their add-ons compatible with the latest releases.

Another change is the native integration of the Open Search extension in the email client. A right-click now displays an option to search for the selected term on the Internet. This is handled in the email client and not in the default system web browser.

The rendering component uses the Gecko 10 engine that the Firefox web browser uses as well.

Users who do not want their searches to open in the email client can set the preference mail.websearch.open_externally to true. This is done with a click on Tools > Options, switching to Advanced > General, clicking on Config Editor in the menu and filtering for the above preference. Just double-click it to toggle its value from false to true. Is there a way to disable web search completely? Not that I’m aware off. Maybe there is a preference but I have not found it yet.

Two new keyboard shortcuts have been added to Thunderbird 10, in addition to the changes outlined above. It is now possible to add attachments to messages with the Ctrl-Shirt-A (Command-Shift-A) shortcut. Named anchors can now be removed with Ctrl-Shift-R (Coammdn-Shift-R), and messages in the message reader and compose window can now be zoomed with the scroll wheel (Ctrl-Scroll Wheel).

Thunderbird users should have received update information by now in the email client. New users can download the latest version for all supported operating systems and languages from the Mozilla website.

How To Make Thunderbird More Secure

I have been a user of the desktop email client Mozilla Thunderbird for the past five or so years. In that time, I have modified the default settings and behavior of the client to make it more secure against attacks and other malicious activities and issues. This guide acts as an overview of what I have done in those years. Please note that while it makes your email client securer, it does not make the program invincible. Common sense is still one of the most powerful weapons in a computer user’s arsenal.

I also have to say at this point that I’m not including add-ons in this guide. This guide only looks at the native options that Thunderbird offers. The majority of changes should also be applicable in other email programs.

1. Disable HTML messages

I get it. HTML messages look nicer. You can do all kinds of things with HTML messages that you cannot do with plain text messages. Plain text messages on the other hand only display textual contents and nothing else, which reduces the likelihood of exploits.

You find the setting under View > Message Body As > Plain Text.

2. Disable JavaScript

The developers have removed JavaScript in Thunderbird 3 for emails completely. There is no option to enable JavaScript for emails. JavaScript for RSS feeds is enabled on the other hand. Thunderbird users who do not use RSS or do not want JavaScript in their feeds can disable it the following way. Click on Tools > Options > Advanced tab > Config Editor to open the advanced configuration window.

Filter for the term JavaScript and double-click JavaScript.enabled to set it to false if it is set to true.

3. Use SSL

You should furthermore make sure that all of your email accounts use SSL connections to protect against snooping and eavesdropping. Click on Tools > Account settings, and there on the Server Settings listing underneath each email account.

Check the help pages or contact support if None is selected under Connection Security. You also need to click on Outgoing Server (SMTP) at the bottom of the listing to see if all outgoing servers are also using SSL for connections.

4. E-Mail Scams

Go to Tools > Options > Security > E-Mail Scams and make sure that Tell me if the message I’m reading is a suspected email scam is enabled. This basically checks back if the email is a known scam email and warns you if it is.

5. Master Password

If you are working on a multi-user PC or want to protect your email passwords from unauthorized access, you should consider setting a master password in the email client for that purpose. Anyone with access to the PC can look at all email usernames and passwords if they are not protected with a master password.

Click on Tools > Options > Security, and check the Use a master password box there to enable the option. You are then asked to enter a password which from that moment on will protect the password database from unauthorized access.

Thunderbird displays a form on start up that asks for that master password. The password quality meter visualizes the strength of the selected password.

6. Disable the preview pane

Thunderbird uses a layout with three panes by default. Email accounts and folders on the left, the email messages on the upper right, and the preview pane at the bottom right.

Email previews are automatically displayed when you select a message in the email client. You may want to disable that feature as it may be used for malicious purposes. Please note that this is unlikely, especially if you have disabled HTML messages and JavaScript.

The easiest way to disable the message preview pane is to press the F8 key on the keyboard. You can re-enable the pane easily with another tap on the same key.

7. Display All Headers

Email headers help you find out if an email is legit or fake. Thunderbird displays a compact version by default which cannot be used to verify an email address. You can enable full email headers with a click on View > Headers > All.

Please note that Thunderbird limits the space available for email headers on its page. You can scroll the page by holding down the left mouse button and moving the scroll wheel up or down.

Closing Words

Add-ons can furthermore improve security but that’s outside of the scope of this guide. Let me know if you are interested in a list of security related add-ons for the Thunderbird email client.

Have additional tips you’d like to share? Let me know in the comments.

Email Client Thunderbird 9 Is Now Available

Thunderbird users who are running the latest stable version of the browser are currently receiving update notifications in the email client. Mozilla Messaging has just released version 9 stable of the program for all supported operating systems. Thunderbird users can alternatively download Thunderbird 9 final from the Mozilla website where it is also offered for all operating systems and languages.

The release notes list several fixed security vulnerabilities which make Thunderbird 9 a mandatory update for all users of the email client. The security advisories page lists a total of seven security vulnerabilities, of which one has been rated critical and the other six as moderate.

It is however relative unlikely that Thunderbird will see attacks exploiting the issue, as it uses a crash when scaling an Ogg video element to extreme sizes.

The remaining list of changes is not nearly as spectacular. Thunderbird 9 uses the new Mozilla Gecko 9 engine, and an opt-in system to send anonymous performance and usability reports to Mozilla. The data is used to improve future versions of the email client. This is the same feature that has already been implemented into the Firefox web browser.

Windows users can now show and hide the menu bar when they press the Alt key. The change log furthermore lists better keyboard handling for attachments without going into details as to what has been improved in the version.

The only other features listed in the change log are additional support for Personas, and “several user interface fixes and improvements”.

Thunderbird 9 ships with another change that has not been mentioned in the release notes. Users who click on the Tools menu will notice a new Test Pilot entry there. This is a Thunderbird extension that the developers have installed in the email client. Test Pilot is used to “make Thunderbird better by running user studies”.

Silently installing the extension without giving users options to opt-out during updating or installation is definitely something to be criticized. Thunderbird users can however uninstall the extension in the add-ons manager.

Have you updated your version of Thunderbird yet? What’s your take on the new version?

---

© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: Email, thunderbird, thunderbird update