Mozilla has fixed multiple vulnerabilities in the Thunderbird email client.

Version 2.0.0.16 fixes eight vulnerabilities, six of which are rated as moderate. The moderate flaws cover code execution risks (in a CSS reference counter and ScriptLoader component of Thunderbird) and memory corruption flaws.

The CSS reference counter flaw was addressed in a security update for Firefox (version 2.0.0.16) published last week. JavaScript is integral to exploit the bug but the technology isn't enabled by default on Thunderbird hence the lowered security writing on the email client.

Firefox 2.0.0.16 is defined as a critical update but Thunderbird 2.0.0.16 is less important.

Nonetheless, security watchers at the Internet Storm Centre advise Thunderbird users to apply to security and stability update sooner rather than later. ®

Related stories

• Thunderbird 3 release has wings clipped (3 October 2008)
• Mozilla dishes up teasers for concept browser (7 August 2008)
• Firefox sweeps away carpet bombing bug (17 July 2008)
• Thunderbird 2 is go (19 April 2007)
• Review Firefox 2.0: happier browsing, but secure? (30 January 2007)