Mozilla have just released a new version of their Thunderbird email client that fixes a number of security issues:

• MFSA 2008-34 Remote code execution by overflowing CSS reference counter
• MFSA 2008-33 Crash and remote code execution in block reflow
• MFSA 2008-31 Peer-trusted certs can use alt names to spoof
• MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
• MFSA 2008-26 Buffer length checks in MIME processing
• MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
• MFSA 2008-24 Chrome script loading from fastload file
• MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

Users are advised to upgrade immediately.

Mozilla have just released a new version of their Thunderbird email client that contains a number of security fixes

• MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
• MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

Users are advised to upgrade immediately.

A couple of weeks back we promised that we would publish an article on spam telling you everything you need to know to take back control of your inbox.

"More and more frequently I get asked by clients what they can do about the amount of spam they are receiving. To know the answer, we need to understand a little about what spam is, why we get it and things we can do to minimise or irradicate it."

"Here at Pendre we have developed a custom spam filtering system on our email servers that blocks, on average, 99.6% of spam before it ever reaches you. This is the ideal situation as you no longer have to waste time and bandwidth downloading the spam or spend time checking for messages that have been incorrectly marked as spam. And if you are concerned about false positives, i.e. us falsely blocking messages that you do want to receive, you can add senders email addresses (or domains) to our whitelists so they will never be spam filtered and will guarantee delivery every time. So if your current email provider isn't providing a satisfactory solution, feel free talk to us about moving your email onto our servers and benefit from our highly efficient spam filtering."

Well, we've kept our promise. Read the full article here.

Today we saw yet another major spam run of the storm worm. Messages typically referred to a funny postcard (or ecard) and provided a link of the form http://ip_address contained within the message body. Clicking on the link would take a user to a website that will infect their computer with the storm worm virus. Users are reminded never to click on links in emails.

Our email servers at Pendre successfully filtered these spam messages based on body checks for raw dotted quad ip addresses, a technique regularly used by storm worm and other such spam. As such, users of Pendre email servers were not at risk. Anti-Virus detection of these new storm worm variants is now reasonably good.

Mozilla have just released a new version of their Thunderbird email client that contains a number of security fixes

• MFSA 2008-12 Heap buffer overflow in external MIME bodies
• MFSA 2008-05 Directory traversal via chrome: URI
• MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
• MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

Users are advised to upgrade immediately.

Fed up with the amount of spam in your email inbox? We are too, so we're fighting back.

Look out for an article soon on how to take back control of your inbox and how you can achieve a spam free existance with our custom email hosting service.