Hi,
I would like to raise a point about the security of the Thunderbird
software in Tails.
Due to the Tails release scheduling the thunderbird package in Tails is
almost always one release behind the current version.
This means that Thunderbird in Tails almost always contains known
security vulnerabilities.
Granted - most of the time Thunderbird vulnerabilities "cannot be
exploited through email in the Thunderbird product because scripting is
disabled when reading mail, but are potentially risks in browser or
browser-like contexts" - as the Mozilla security advisories put it.
However this is not the case every month.
I'm assuming that this policy is a conscious choice on part of the Tails
team, but should the users at least be informed regarding this?
I see no mention of this systematic weakness in the relevant documentation.
https://tails.net/doc/anonymous_internet/thunderbird/index.en.html
Furthermore, I wish to thank the Tails team for the continued good work
over the years!
Cheers,
Topi Toosi
