Thunderbird/Security
Contents
Introduction
Thunderbird cares very strongly about the security and privacy of its users. To this end, there are various security-related activities maintained by the community that this page attempts to document.
There are two main aspects to security-related work:
- Security Engineering
- Designing Thunderbird to prevent vulnerabilities.
- Analyzing risk (and then mitigating it) by performing threat analysis and risk assessment.
- Finding vulnerabilities in Thunderbird.
- Vulnerability management and incident response activities.
- Security Software Engineering
- Maintaining/building security-related code (the Security component)
- Including strong security standards and technologies when appropriate.
- Building/researching new security-related features to improve the security of our users.
Security Engineering
Security engineering is a sub-discipline in the engineering space which focuses on designing systems which are robust to malicious actors or unintended effects. The most notable academic book describing this field was created by Ross Anderson and is available here: Security Engineering Book
There are security-specific activities that should occur during all parts of a product's development life-cycle including:
- Design - Designs should be analyzed from an "attacker's mindset" and threat analysis and risk assessment should be performed to determine the risk of such a design. The result may inform additional countermeasures to prevent issues down the road.
- Development - Security needs to be considered during development. This means educating developers, requiring code review, and integrating security into the entire development process via automated tools.
- Testing - Penetration testing are arguably the most popular security activity. In these activities internal or external parties try to find vulnerabilities in the source and will report them responsibly.
- Release - Monitoring should be done to find new vulnerabilities in the field. Vulnerability disclosure programs should exist to provide external researchers a way to report issues. Most importantly, security issues found must be analyzed and fixed in a reasonable amount of time.
Security Software Engineering
Security software engineering refers to software engineering related to security, rather than the security engineering discipline itself. This section describes various activities in that area:
Security Component
Issues and suggestions relating to the security-feature aspects of Thunderbird can be found on Bugzilla here: Bugzilla Security Component Page
The trend of open bugs in the security component can be found here: Bugzilla Charts Link
Security Features
This section lists various security features Thunderbird has implemented or is in the progress of implementing/improving.
Phishing Detection
Email phishing is a very common attack method and has proven to be very effective. Although elaborate technologies exist to protect users in many ways (encryption protocols to provide privacy, authentication methods to provide integrity, etc.), it is very hard to protect against the human agent. Around a 100,000 phishing emails are reported to the APWG (Anti-Phishing Working Group) each *month*.
Thankfully, Thunderbird does provide phishing (sometimes called "scam") detection. You can read more about this here: Thunderbird’s Scam Detection
The current implementation uses a series of fairly simple rules. It is an ongoing initiative to improve this detection.
Some bugs which track work in this area can be found below:
- Bug 654502 - Main tracking bug for scam/phishing improvements.
- Bug 1249562 - Mark emails with forms containing "action" URL as scams. (Fixed)
- Bug 320351 - Learn what is not a scam (locally)
- Bug 623198 - Proposal to disable scam detection by default
Academic Research in the Anti-Phishing Space
- "Detecting Phishing Emails Using Hybrid Features": https://ieeexplore.ieee.org/document/5319188/