Flaw in Thunderbird bypasses Firefox 'Torified' security and privacy defenses
Do you use the free email client Thunderbird? Do you also use Tor? If so, then there's been a security flaw awaiting a fix from Mozilla for over two years; now the bug has been publicly disclosed.Thunderbird security bug Mike Cardwell, a developer, IT consultant, sysadmin and security researcher in the UK, informed the Tor-talk mailing list about a security issue in the Thunderbird app.
Normally, when you click on a link in email, the link opens in your default web browser. Hopefully, you've all but weaponized your browser with extensions and addons to better protect your privacy and security. If you are using Tor, then you're going to a bit more trouble to protect yourself and you don't want your defenses bypassed. However, when blogging more details about the security leak in Thunderbird, Cardwell explained: "I've discovered a way of crafting a link such that when you're using Thunderbird and you click on that link, it opens the website in a new Thunderbird tab instead of in the external web browser."