Update-to:
041708-02 "Update available for Mozilla Firefox"
032608-01 "Updates available for Mozilla products"

OS/Platform/Application:

Mozilla Thunderbird all versions older than 2.0.0.14

Category: ALERT
Severity: MEDIUM
Attention: Mozilla Thunderbird users, System Administrators, Desktop Support Personnel

Summary: The Mozilla Foundation has released version 2.0.0.14 of its popular Thunderbird email client.  Version 2.0.0.14 fixes two critical security vulnerabilities that could (if successfully exploited) result in result in a range of unfavorable outcomes including program crash and complete takeover of a vulnerable computer. 

Thunderbird version 2.0.0.14 was released as a direct upgrade from 2.0.0.12.  Thunderbird 2.0.0.13 was never released by Mozilla.

Recommended Actions:  Thunderbird users, system administrators, and desktop support personnel are encouraged to read the security bulletin and apply the appropriate update at their earliest convenience (safe links provided below).  

Readers are encouraged to share this alert with family, friends, and associates who may use Mozilla Thunderbird on their home PCs.

ITS Actions: N/A

Resources:

List of vulnerabilities fixed in Thunderbird 2.0.0.14
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird2.0.0.14

Thunderbird download page:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird2.0.0.14

ALARM Alert 041708-02 "Update available for Mozilla Firefox"
http://www.albany.edu/its/alerts_archive_2008_3604.htm

ALARM Alert 032608-01 "Updates available for Mozilla products"
http://www.albany.edu/its/alerts_archive_2008_3561.htm