Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Thunderbird 24.6.0

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as resolved.
colemann Thunderbird 24.6.0
Member 11th Jun, 2014 21:02
Ranking: 0
Posts: 2
User Since: 11th Jun, 2014
System Score: N/A
Location: UK
Any one seeing issues with Thunderbird 24.6.0 ? This version is installed but PSI is reporting it as 24.6.0.5274 (fie version of the exe file).

Post "RE: Thunderbird 24.6.0" has been selected as an answer.

Maurice Joyce

RE: Thunderbird 24.6.0
[+]
This reply has been deleted
clinfoot RE: Thunderbird 24.6.0
Member 11th Jun, 2014 22:35
Score: 15
Posts: 4
User Since: 6th Aug 2010
System Score: N/A
Location: N/A
Same issue here and I don't think it's "left behind dross". Screen dump here:

https://www.dropbox.com/s/5fitdiprf5a0y0y/Screensh...
Was this reply relevant?
+0
-0
Maurice Joyce RE: Thunderbird 24.6.0
Handling Contributor 11th Jun, 2014 22:46
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Agreed - I have just done a download on my test PC & Secunia are reporting correctly.

File meta data is:

https://1ncuig.bn1.livefilestore.com/y2pKrHRfVYp44...

Hash details are:
https://1ncuig.bn1.livefilestore.com/y2pOz7rifNSwe...

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Charlie83672 RE: Thunderbird 24.6.0
Member 11th Jun, 2014 23:02
Score: 2
Posts: 2
User Since: 16th Dec 2010
System Score: N/A
Location: N/A
Same problem here. I have downloaded two 21+MB install packages today -- one from Mozilla, and one from Secunia (from the "Install Solution" button). Installed first one, then the other. The Thunderbird exe in each case says File Version 24.6.0.5274 and the product version is 24.6.0. The date modified in properties details is 6/10/2014 4:51 AM

Secunia PSI 2 still reports it as insecure after rescan of that program.

Charlie
Was this reply relevant?
+0
-0
Maurice Joyce RE: Thunderbird 24.6.0
Handling Contributor 11th Jun, 2014 23:35
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It should not be showing as vulnerable if version 24.6.0.5274 is installed correctly - these refer:

https://secunia.com/advisories/59170/

https://secunia.com/advisories/product/48067/?task...




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
colemann RE: Thunderbird 24.6.0
Member 11th Jun, 2014 23:55
Score: 0
Posts: 2
User Since: 11th Jun 2014
System Score: N/A
Location: UK
It doesnt seem to matter if the install file comes from Mozilla itself, or as the suggested solution from PSI, the issues remains,

Looking at the file properties of thunderbird.exe;
file version: 24.6.0.5274
product version: 24.6.0
Was this reply relevant?
+0
-0
Maurice Joyce RE: Thunderbird 24.6.0
Handling Contributor 12th Jun, 2014 00:42
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
What issue?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
millwood RE: Thunderbird 24.6.0
Member 12th Jun, 2014 04:18
Score: 3
Posts: 26
User Since: 14th May 2008
System Score: N/A
Location: US
The issue is that PSI says Thunderbird needs updating but it is up to date.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Thunderbird 24.6.0
Handling Contributor 12th Jun, 2014 09:26
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
At no point has the ORIGINATOR of this thread indicated that when version 24.6.0.5274 is installed PSI is showing that version vulnerable after a PC reboot & full PSI scan has been completed.

The question raised was:

Any one seeing issues with Thunderbird 24.6.0 ? This version is installed but PSI is reporting it as 24.6.0.5274 (fie version of the exe file).

I have answered that question. Version 24.6.0 full designation is 24.6.0.5274.

If PSI is incorrectly reporting the security status that is a different issue.

Support have not been active on the Forum for some time - if you want them to investigate further you should follow this guideline.

http://secunia.com/vulnerability_scanning/personal...





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
clinfoot RE: Thunderbird 24.6.0
Member 12th Jun, 2014 09:29
Score: 15
Posts: 4
User Since: 6th Aug 2010
System Score: N/A
Location: N/A
I am not the originator but, to be clear, it is apparent that PSI (I have version 3.0.0.9016) is reporting a fully patched and up to date Thunderbird 24.6.0 installation as vulnerable. I will do as you suggest and report using the process you linked to.
Was this reply relevant?
+10
-0
clinfoot RE: Thunderbird 24.6.0
Member 12th Jun, 2014 09:56
Score: 15
Posts: 4
User Since: 6th Aug 2010
System Score: N/A
Location: N/A
Following [1]second[/i] reboot and full rescan, the issue appears resolved.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Thunderbird 24.6.0
Handling Contributor 12th Jun, 2014 10:01
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
All looks OK to me.

https://1ncuig.bn1.livefilestore.com/y2pWynRR0r873...


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
clinfoot RE: Thunderbird 24.6.0
Member 12th Jun, 2014 10:27
Score: 15
Posts: 4
User Since: 6th Aug 2010
System Score: N/A
Location: N/A
I have an email reply from the support team.

"Thank you for contacting us and notifying us about this issue.

"The issue was noticed this morning and has been fixed now.

"If you do a full rescan in the PSI it should be fine again."

And indeed this is what we find.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer