293769 - After recent firefox update exploit, thunderbird lost all email and accounts

Status: RESOLVED INVALID

(Thunderbird :: General, defect)

Description

[Steve]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 StumbleUpon/1.9995
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 StumbleUpon/1.9995

Before I was aware there was this flaw, I clicked on spoofed update box for
prefbar extension for firefox. After closing browser, opened thunderbird and all
email and accounts were gone. No email in profile. Had to re-open both email
accounts as if I had just installed thunderbird. Have no known way to recover
email. Finally decided to remove thunderbird and use mozilla suite in lieu of OE.
No email virus was present nor any other bugs discovered thru security or
spyware scans. Occurred concurrently with firefox flaw.

Reproducible: Didn't try




Have no way of knowing. Before update in firefox, thunderbird was fine.
Immediately after, all email and accounts were removed. Have no way to duplicate
unless I allow updates again or enable javascript. Have no desire to do so. I am
surprised I have seen no mention of this particular event anywhere on the net or
within mozilla or bugzilla.

Comment 1

[Matthias Versen [:Matti]]

The security flaw is already "fixed" on the serverside. That means that an
attacker can't use the exploit (but the problem is still there in FF).
The current security flaw also has nothing to do with spoofing the "Update box"
and that means that a got a valid and real update for the prebar extension.

Comment 2

[OstGote!]

Your lost e-mails have another cause. No further response, not reproducable.
Feel free to reopen if you can provide clear steps to reproduce it.