Hi,
I would like to raise a point about the security of the Thunderbird software in Tails.
Due to the Tails release scheduling the thunderbird package in Tails is almost always one release behind the current version.
This means that Thunderbird in Tails almost always contains known security vulnerabilities.
Granted - most of the time Thunderbird vulnerabilities "cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts" - as the Mozilla security advisories put it.
However this is not the case every month.I'm assuming that this policy is a conscious choice on part of the Tails team, but should the users at least be informed regarding this?
I see no mention of this systematic weakness in the relevant documentation. https://tails.net/doc/anonymous_internet/thunderbird/index.en.htmlFurthermore, I wish to thank the Tails team for the continued good work over the years!
Cheers, Topi Toosi
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
