Security risks to keep using FossaMail

Support topics for the mail/news/chat client

Moderators: Indalecio, satrow

Lebowsky
Hobby Astronomer
Posts: 16
Joined: Thu Aug 04, 2016 4:11 pm

Postby Lebowsky » Wed Apr 26, 2017 7:50 pm

I've been using FossaMail on my work laptop for over a year and I was rather disappointed to see its development stopped. OTOH, it is not as if I had offered to take over its development, so I fully respect the decision of course.

My question: what are the actual security risks to keeping using FossaMail? I use only one account in IMAP, from my institution (which is a school), with SSL/TLS. I don't really understand what the risks are? Except maybe if new security standards are applied, and FossaMail becomes obsolete? I am still using the same Thunderbird 2 on my private computer so I guess I am more vulnerable there :)

So, can my mail be read by third party or not? :)

Thanks for the clarifications. Don't hesitate to make the answer(s) idiot-proof...

Moonchild
Pale Moon guru
Posts: 19679
Joined: Sun Aug 28, 2011 5:27 pm
Location: 58.5°N 15.5°E

Re: Security risks to keep using FossaMail

Postby Moonchild » Wed Apr 26, 2017 10:55 pm

The risks of using an outdated version of FossaMail or most other mail clients are much smaller than the risks of using an outdated version of a web browser. The main reason for this is that mail clients generally aren't exposed to foreign scripts (JavaScript in HTML-formatted e-mail isn't run, unlike what a web browser must do).
The security risks are not nonexistent though -- things like compression libraries, image libraries/decoders, HTML-mail rendering engines, or even the client code itself, etc. can have vulnerabilities that can be exploited in mail clients by sending you a specially-crafted e-mail. Thankfully, that doesn't happen very often, but running ancient versions is still dangerous.

Outdated encryption for connections to mail servers can also be a risk, but in that respect with FossaMail you should be good since it's unlikely that the crypto it supports for TLS connections will be broken any time soon. It's actually more likely that mail servers support weaker encryption in that case.
So no, if you connect directly to your institute's mail server over TLS, third parties can't read your mail.

I would recommend that you stop using Thunderbird 2 though. There are known exploitable vulnerabilities in it (e.g. the image libraries used have known (severe) flaws that can cause a bad image to crash it and execute malicious code on your system).
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.
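As an added example (not part of the thread or any poster's code), a Python check of what an IMAPS server actually negotiates, relevant to the point above that the mail server is the more likely place for weak encryption. The policy lists and function names are assumptions of this example; `audit_imaps` needs network access, while the classifier runs offline on the constructed samples.

```python
import imaplib
import ssl

# Assumed policy for this example (not from the thread): TLS 1.2 is the floor,
# and these substrings of OpenSSL cipher names mark suites treated as weak.
WEAK_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")

def strict_context():
    """Client context: certificate and hostname checks on, TLS 1.2 minimum."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weaknesses(version, cipher):
    """List the reasons a negotiated (version, cipher) pair fails the policy."""
    reasons = []
    if version in WEAK_VERSIONS:
        reasons.append(f"protocol {version} is below TLS 1.2")
    for marker in WEAK_CIPHER_MARKERS:
        if marker in cipher:
            reasons.append(f"cipher {cipher} matches weak marker {marker}")
    return reasons

def audit_imaps(host, port=993):
    """Connect to an IMAPS server (implicit TLS) and report what was negotiated."""
    try:
        with imaplib.IMAP4_SSL(host, port, ssl_context=strict_context()) as conn:
            sock = conn.socket()
            version = sock.version()
            name, _proto, bits = sock.cipher()
    except ssl.SSLError as exc:
        # The server could not meet the strict policy (old protocol, bad cert).
        return {"host": host, "error": str(exc)}
    return {"host": host, "version": version, "cipher": name, "bits": bits,
            "weaknesses": weaknesses(version, name)}

# Constructed sample results, not captured from any real server.
SAMPLES = [("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
           ("TLSv1.2", "DES-CBC3-SHA"),
           ("TLSv1", "RC4-MD5")]

if __name__ == "__main__":
    for version, cipher in SAMPLES:
        print(version, cipher, weaknesses(version, cipher) or "ok")
```

A handshake failure reported by `audit_imaps` is itself a finding: the server either cannot offer TLS 1.2 or presents a certificate that does not validate.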

Lebowsky
Hobby Astronomer
Posts: 16
Joined: Thu Aug 04, 2016 4:11 pm

Re: Security risks to keep using FossaMail

Postby Lebowsky » Thu Apr 27, 2017 4:43 pm

Thank you!

I should add that I think, even though you want the development stopped, I (and probably a lot of other people as well) would find it useful to keep the build available for whoever wants to use it anyway (at their own risk), if not only for historical/archival purpose. (but maybe it's just the historian in me)

Thanks for all your work, I'll keep using Pale Moon too :)

