>60 million Thunderbird downloads since 1.0! (Credit: Asbjørn) | RSS 2.0 link via FeedBurner

« Thunderbird 2.0 Alpha 1 Released - Changelog Part 1 of 2 | Main | 2006-05-06 Thunderbird 2.0 builds »

Thunderbird 1.5.0.4 Released

Sponsored links:

Changelog for previous release (Thunderbird 1.5.0.2) | Changelogs for other releases

Make a donation to the upkeep of The Rumbling Edge.

Released on 01 Jun 06, and this changelog was last updated on 03 Jun 06.

Mozilla Thunderbird 1.5.0.4 has been released. Release notes are available. This post lists the improvements in Thunderbird 1.5.0.4 over 1.5.0.2. This list encompasses almost every single known fix that went into this release. Do check out the known issues as well.

The Gecko 1.8.0.x branch (Thunderbird 1.5.0.x series) will only bring stability and security bug fixes. As such, no new features will be added. To synchronize the version numbering with Firefox, the 1.5.0.3 numbering was dropped in favour of 1.5.0.4.

Universal binary support for Mac OS X which provides native support for Macintosh with Intel Core processors has been added with this release. However, it must be noted that if you are running Thunderbird 1.5 or Thunderbird 1.5.0.2 on Macintosh computers with Intel Core processors under Rosetta, you will get upgraded to a PowerPC-only, Firefox 1.5.0.4 product via the automated update system. You will need to download the Thunderbird 1.5.0.4 Universal binary build to take advantage of the native support for Intel-based Macintosh computers.

Impact key for security issues listed on the Mozilla Foundation Security Advisories webpage:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

Changes in 1.5.0.4: (31)

Security issues: (9)

  • Fixed: 334384 - Double-free on malformed VCard (Critical)
  • Fixed: 319263, 321101, 336313, 336601 - EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) (Moderate)
  • Fixed: 324918, 325730, 326501, 326931, 327712, 329219, 329982, 330818, 332971, 335535 - Fixes for potential memory corruption (Moderate)
  • Fixed: 329746, 330214 - HTTP response smuggling (Moderate)
  • Fixed: 329677 - Privilege escalation through XUL persist. (Moderate)
  • Fixed: 330773 - Remote compromise via content-defined setter on object prototypes (Moderate)
  • Fixed: 330897 - Buffer overflow in crypto.signText() (Moderate)
  • Fixed: 335816 - Web site XSS using BOM on UTF-8 pages (Moderate)
  • Fixed: 334341 - Using image tags with a non image file, and selected view image, file will still load up, allowing access to system resources

Topcrash: (1)

  • Fixed: 320927 - crash when checking pop3 mail

Crashes: (3)

  • Fixed: 301308 - Crash [@ nsMsgGroupView::~nsMsgGroupView]
  • Fixed: 329595 - Crash on marking mail as Junk (Local Folders)
  • Fixed: 332119 - IMAP folders: if sum of characters in foldernames to long TB crashes or loops when you access the last folder in chain.

Build configuration: (1)

  • Fixed: 324240 - Update OS/2 ReadMe files (newsgroup change, new libc)

Functionality: (4)

  • Fixed: 179056 - "Check for new message every" stops after hibernate
  • Fixed: 268746 - unable to reply, fwd, move or copy .eml opened from disk
  • Fixed: 322808 - Can not launch my own extension using the "-chrome" option.
  • Fixed: 329232 - saving drafts on UW-IMAPD server does not work with default configuration

Localization: (1)

  • Fixed: 314637 - Search Messages can't find some words in ISO-2022-JP messages

Networking: (1)

  • Fixed: 312009 - IMAP capability flags remembered across capability responses

Printing: (1)

  • Fixed: 334944 - Firefox printing content of <noscript> tag

UI improvements: (2)

  • Fixed: 295956 - Editing message in drafts folder (with IMAP and multiple profiles) results in error.
  • Fixed: 298525 - Phishing State should take precedence over Junk State in the message bar

XPToolkit: (4)

  • Fixed: 325471 - Broken search for path to binary on linux in xulrunner-stub
  • Fixed: 326007 - Xulrunner fails to build using VS.NET 2003 (VC7.1)
  • Fixed: 332091 - Possibility to add "special" part to package names
  • Fixed: 332262 - "smime3.dll not found" error dialog w/ XULRunner embedded in Eclipse

Mac-specific: (4)

  • Fixed: 327037 - Newsgroup names over-abbreviated on UB Mac
  • Fixed: 329796 - [Affects Linux too] Can't debug XForms on Mac OS X
  • Fixed: 331676 - Crash on search in threaded mode
  • Fixed: 336506 - Bump Thunderbird version to 1.5.0.4

Windows builds Official Windows installer

Linux builds Official Linux (i686)

Mac builds Official Mac (Universal binary)

Filed under 'Thunderbird Releases' | Posted on 1 May 2006 (Mon) by Gary Kwong at 12:00 PM. (GMT+8)

Comments

Nice work!
you should improve your CPU usage

Posted by: at June 2, 2006 6:11 PM

I keep having a lot of sync problems with IMAP accounts...

Posted by: Miriano at June 2, 2006 7:19 PM

CPU is fine for me, just dont use certain plugins/extensions (info in web on which to avoid)

Memory usage is the biggest concern for an email app, ssme goes for firefox, even tho the apps are minimized.

Posted by: Radius at June 2, 2006 8:09 PM

I've had some issues with 100% cpu usage on exit, re: RSS feeds. It's in Bugzilla, though, so I'm sure someone will get to it. Haven't tested the issue in 1.5.0.4 yet (it takes a day before the conditions are right for it to occur)

Posted by: at June 3, 2006 12:12 AM

The issue I have is that I use Thunderbird for both my personal and business email, but most of the time when I'm replying to a message the default is the other email address. That is, if I'm replying to a business email, my personal email and signature comes up, whereas if I'm replying to personal email my business address comes up. That could be potentially catastrophic if I forget to change to the business email. I hope this new update fixes that.

Mitch

Posted by: Mitch at June 3, 2006 3:06 AM

I'm really impressed by how the bug- and release-tracking have developed. Sterling, folk ... truly sterling.

carry on

Posted by: Ben Tremblay at June 3, 2006 3:41 AM