Mozilla Thunderbird - Alter Version Number


  • Community Moderator

    Mozilla Thunderbird is detected correctly on my system, but the displayed version number should be altered.
    In the application the displayed version number is 60.4.0.
    In VulnDetect the displayed version number is 60.4.
    So you should show the same version number that is shown in the app.

    Tell me if you need a screen shot of the Help -> About window.


    Here the information extracted from the EXE file:

    File name and path:     C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    Product Name:           Thunderbird
    Internal Name:          Thunderbird
    Original Filename:      thunderbird.exe
    
    File Description:       Thunderbird
    Company:                Mozilla Corporation
    Legal Copyright:        ┬ęThunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.
    Legal Trademarks:       Thunderbird is a Trademark of The Mozilla Foundation.
    Comments:               Mozilla Thunderbird Mail and News Client
    
    File Version String:    60.4.0
    File Version:           60.4.0.6925
    Product Version String: 60.4.0
    Product Version:        60.4.0.0
    

  • Community Moderator

    I installed an update for Thunderbird.
    VulnDetect shows the version 60.5
    Help -> About shows the version 60.5.0


  • Community Moderator

    @Tom
    I started a discussion about What Version Number to display.
    Hopefully we get a solution there.

    But if they are not consistent on their homepage then we should generally use the version number that is displayed in the app.
    Hopefully inside the app it is consistent.


  • VulnDetect Team Member

    Yes, it is the same talk we had the other day and in this case we follow the Security Advisories:
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird60.5
    It is not easy to pick the right one, when the vendor is inconsistent.
    But in this case I will consider it, since they use 60.4.0 more frequently than 60.4 on the website - it just is annoying since the Security Advisories are the most "authoritative" since this is VulnDetect and not UpdateDetect ­čśë