Gecko vs Goanna for Thunderbird Independence

Tanstaafl tanstaafl at
Mon Apr 17 14:13:28 UTC 2017

On 4/17/2017, 10:03:13 AM, Gervase Markham <gerv at> wrote:
> On 13/04/17 23:11, Ben Bucksch wrote:
>> there were no less than 250 known critical *1 security holes and 600
>> memory corruption bugs that might be exploitable. One critical security
>> is already a very serious risk.
> How many of those are exploitable if JS is switched off?
> I am not saying the cost of forking is zero but we need to acknowledge
> that Thunderbird exposes a much-reduced attack surface compared to a web
> browser.

I said/suggested something very similar in a prior thread about this.

1. Disable full web browsing capability in TB (does anyone really use it
for web browsing?), and limit the browser functionality/component to
just rendering HTML emails and internal pages (i.e., Help pages, Addons
pages, etc.),

2. If a critical vulnerability affecting Gecko is issued, assess its
impact on TB, and if one exists, determine if it is easier to port the
fix, or just disable the vulnerable function (and the impact that would

3. There may come a time that we might have to disable 'Original HTML'
support completely - i.e., only support 'Simple HTML' - although I'm not
sure how effective that would be at limiting potential security risks.

In a worst worst case scenario, it could even come to disabling HTML
rendering completely by default, and issue a big fat warning if the user
decides to enable it.

I know these are not ideal or even 'good' solutions, but I'd prefer
these to just killing TB and walking away.
