Mozilla released Thunderbird 91.3 to fix several high-impact vulnerabilities that can cause a denial of service, spoof the origin, bypass security policies, and allow arbitrary code execution.
Triggering most of the newly discovered bugs requires a user to open a specially crafted website in a browsing context, so the exploitation is relatively simple.
Mozilla Thunderbird 91.3 fixes ten flaws discovered by various researchers that cover a broad spectrum of the email client’s functionality.
One vulnerability, tracked as CVE-2021-38505, is of particular interest as it is related to the Windows 10 Cloud Clipboard.
The Windows 10 Cloud Clipboard feature was introduced in 2018 and, if enabled, syncs data you copy to the clipboard into the cloud so that it is available on other devices where you are signed in to your account.
To prevent sensitive data from being synced to the cloud, Microsoft introduced specific clipboard formats that Windows would not copy to the cloud. However, Thunderbird and Mozilla did not use those formats, potentially allowing sensitive data to be synchronized.
“Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios,” explained Mozilla.
“Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user’s Microsoft account.”
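The opt-out described above looks like this from an application's side. This is an added example, not code from the article or from Mozilla's fix: the three format names are the ones Microsoft documents for Clipboard History and Cloud Clipboard, while `copy_sensitive_text` and `put` are hypothetical names, and the Win32 path compiles on Windows only.

```c
#include <string.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Registered clipboard format names that opt copied data out of history and sync. */
static const char *const OPT_OUT_FORMATS[] = {
    "ExcludeClipboardContentFromMonitorProcessing", /* any data: skip history and sync */
    "CanIncludeInClipboardHistory",                 /* DWORD 0: keep out of history */
    "CanUploadToCloudClipboard",                    /* DWORD 0: never sync to other devices */
};
#define OPT_OUT_COUNT (sizeof OPT_OUT_FORMATS / sizeof OPT_OUT_FORMATS[0])

#ifdef _WIN32
/* Copy len bytes into a movable global block and hand it to the clipboard. */
static int put(UINT fmt, const void *bytes, size_t len) {
    HGLOBAL h = GlobalAlloc(GMEM_MOVEABLE, len);
    void *p = h ? GlobalLock(h) : NULL;
    if (!p) { if (h) GlobalFree(h); return -1; }
    memcpy(p, bytes, len);
    GlobalUnlock(h);
    if (!SetClipboardData(fmt, h)) { GlobalFree(h); return -1; }
    return 0; /* the clipboard owns h from here on */
}
#endif

/* Place text on the clipboard with all three opt-out markers.
   owner_hwnd is the caller's window handle (assumed valid).
   Returns 0 on success, -1 on failure or on a non-Windows build. */
int copy_sensitive_text(void *owner_hwnd, const wchar_t *text) {
#ifdef _WIN32
    DWORD deny = 0;
    int rc = -1;
    if (!OpenClipboard((HWND)owner_hwnd)) return -1;
    if (EmptyClipboard()) {
        rc = 0;
        /* Markers go on first so the text is never present without them. */
        for (size_t i = 0; i < OPT_OUT_COUNT && rc == 0; i++) {
            UINT fmt = RegisterClipboardFormatA(OPT_OUT_FORMATS[i]);
            rc = fmt ? put(fmt, &deny, sizeof deny) : -1;
        }
        if (rc == 0)
            rc = put(CF_UNICODETEXT, text, (wcslen(text) + 1) * sizeof(wchar_t));
        if (rc != 0) EmptyClipboard(); /* fail closed: leave nothing behind */
    }
    CloseClipboard();
    return rc;
#else
    (void)owner_hwnd; (void)text;
    return -1;
#endif
}
```

An application that handles passwords or other secrets would route every sensitive copy through a wrapper like this rather than setting `CF_UNICODETEXT` directly.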
Due to the severity of the above flaws, upgrading the popular email client to version 91.3 or later should be done as soon as possible.
To upgrade to the latest version immediately, open Thunderbird, click on the app menu, and select Help > About Thunderbird. From there, you will be offered the option to download and install the latest available version.
Ubuntu has also released a security notice for Thunderbird for the flaws that concern the Linux distribution, and an updated package has been made available on the stable repository.
The latest stats from Mozilla show that only 65% of Thunderbird users have upgraded to 91.x, with the rest still using older, unsupported, and now vulnerable versions.
A month ago, Mozilla forced an upgrade from 78.x to 91.x, to ensure that everyone is running the latest stable version of the email client.
However, due to add-on incompatibility issues between the two major releases, many users have opted to stay on 78.x, which from a security perspective, is getting increasingly risky.