by Moonchild » 2017-04-26, 22:55
The risks of using an outdated version of FossaMail or most other mail clients are much smaller than the risks of using an outdated version of a web browser. The main reason for this is that mail clients generally aren't exposed to foreign scripts (JavaScript in HTML-formatted e-mail isn't run, unlike what a web browser must do).
The security risks are not nonexistent though -- things like compression libraries, image libraries/decoders, HTML-mail rendering engines, or even the client code itself, etc. can have vulnerabilities that can be exploited in mail clients by sending you a specially-crafted e-mail. Thankfully, that doesn't happen very often, but running ancient versions is still dangerous.
Outdated encryption for connections to mail servers can also be a risk, but in that respect with FossaMail you should be good since it's unlikely that the crypto it supports for TLS connections will be broken any time soon. It's actually more likely that mail servers support weaker encryption in that case.
So no, if you connect directly to your institute's mail server over TLS, third parties can't read your mail.
I would recommend that you stop using Thunderbird 2 though. There are known exploitable vulnerabilities in it (e.g. the image libraries used have known (severe) flaws that can cause a bad image to crash it and execute malicious code on your system).
"A dead end street is a place to turn around and go into a new direction" - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite