Thunderbird Changelog

New in version 31.3.0

December 2nd, 2014
  • FIXED:
  • Fixes an issue where using LDAP autocomplete could end up with blank entries in the compose addressing list (Bug 1045753)
  • Fixes an issue where IRC participants were not removed from the display on leaving a channel.
  • Fixes a regression where Thunderbird wasn't respecting the skip integration option on the default client dialog.
  • SECURITY FIXES:
  • 2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
  • 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
  • 2014-88 Buffer overflow while parsing media content
  • 2014-87 Use-after-free during HTML5 parsing
  • 2014-85 XMLHttpRequest crashes with some input streams
  • 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

New in version 34.0b1 Beta (November 11th, 2014)

  • Fixed bugs:
  • Bug 1023539: Fix occasional timeouts of TURN webrtc transports with one-way connections.
  • Bug 1069762 - Make CSP violation reports match the spec for redirects.
  • Bug 1085509 - Add telemetry for how many permanent certificate overrides users have.
  • Bug 1087104 - Set the partialInfo property for Balrog.
  • Bug 1087104 - Implement partial mar generation in make for 'mach build’.
  • Bug 1085026 - Use sha512 hashes for mar files.
  • Bug 1084163 - Remove 'make check' from automation/build.
  • Bug 1077597 - force -j1 for {pretty-}package-tests.
  • Bug 1013730 - Have mach ignore broken disk io stats.
  • Bug 1072073 - pretty-l10n-check should also be -j1.
  • Bug 978211 followup, make compare-mozconfig work on Win64 again.

New in version 31.2.0 (October 14th, 2014)

  • FIXED:
  • Fixed a case where having a contact and card in an address book with the same name could send to the mailing list (Bug 1008718)
  • Security fix:
  • MFSA 2014-73: RSA Signature Forgery in NSS

New in version 31.1.2 (September 25th, 2014)

  • FIXED: Fixed an issue where anchor links would not work in HTML emails (Bug 974857)
  • Security fixes:
  • MFSA 2014-73: RSA Signature Forgery in NSS

New in version 33.0b1 Beta (September 20th, 2014)

  • Bug 996753 - Workaround for Fx33 not having AppConstants.
  • Bug 1067088 - Use aBorderArea when not skipping any sides (e.g. ::first-letter), not the joined border area.
  • Bug 1063052 - In case a user ends up with unpacked chrome, on update use omni.ja again by removing chrome.manifest.
  • Bug 1000338 - nsICacheEntry.lastModified not properly implemented.
  • Bug 1057247 - Increase favicon refetch time to four hours.
  • Bug 1060888 - Autocomplete drop down list item should not be copied to the search fields when mouse over the list item.
  • Bug 1066794 - Make the search suggestions popup on about:home/about:newtab more consistent with the main search bar's popup.
  • Bug 1039028 - Show license info for OpenH264 plugin.
  • Bug 1063896 - Loop over all url list, not just ones with metadata.
  • Bug 1066190 - Ensure that pinning checks are done for otherwise overridable errors.
  • Bug 1066726 - Concurrent HTTP cache read and write issues.
  • Bug 1065478 - POSTs are coming from offline application cache.
  • Bug 1058813 - Add telemetry probe for clicking sync preference.
  • Bug 1063128 - Make sure all preferences have keys.
  • Bug 996753 - Telemetry probes for changing settings and hitting back.

New in version 31.1.1 (September 11th, 2014)

  • What’s New:
  • FIXED: Fixed an issue where mailing lists with spaces in their names couldn't be auto-completed (Bug 1060901)
  • FIXED: Fixed an occasional start-up crash (Bug 1005336)

New in version 31.1.0 (September 3rd, 2014)

  • Fixed:
  • MFSA 2014-72 Use-after-free setting text directionality
  • MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
  • MFSA 2014-69 Uninitialized memory use during GIF rendering
  • MFSA 2014-68 Use-after-free during DOM interactions with SVG
  • MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)

New in version 32.0b1 Beta (August 14th, 2014)

  • Bug 777574 - Skip all quickCheckAPI tests on linux/android/emulator slaves.
  • Bug 1013007: re-enable STUN throttling in mid-beta and later.
  • Bug 1046500 - Fix mediagroup parsing in feed parser.
  • Bug 1045640 - disable tls proxying bug 378637 on gecko 32.
  • Bug 995075 - Include update_filter() changes from upstream speexdsp.
  • Bug 1032255 - TPS has to exit with code != 0 in case of failures.
  • Bug 1048133 - Check key algorithms before using them for encryption/signatures.
  • Bug 997970 - Add search suggest to Amazon for en-US.

New in version 31.0 (July 23rd, 2014)

  • NEW: Auto-completing email addresses now matches against any part of the name or email (bug 529584)
  • NEW: Composing a mail to a newsgroup will now autocomplete newsgroup names (bug 61491)
  • FIXED: Insecure NTLM (pre-NTLMv2) authentication disabled (see 828183)
  • FIXED VULNERABILITIES:
  • MFSA 2014-66 IFRAME sandbox same-origin access through redirect
  • MFSA 2014-65 Certificate parsing broken by non-standard character encoding
  • MFSA 2014-64 Crash in Skia library when scaling high quality images
  • MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
  • MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
  • MFSA 2014-61 Use-after-free with FireOnStateChange event
  • MFSA 2014-59 Use-after-free in DirectWrite font handling
  • MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
  • MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
  • MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)