Thunderbird 102.1.0 is now available. The new stable version of the email client fixes four security issues in the app and makes some minor changes alongside that.
Thunderbird 102.1.0 is already available. Existing Thunderbird installations will install the update automatically, provided version 102.x is already installed. The Thunderbird 102.x version is recent and updates from the previous major version, Thunderbird 92.x, are not yet supported.
Thunderbird users can speed up installation by selecting Help > About Thunderbird from the menu. If the menu is not displayed, press the Alt key on the keyboard to display it.
The window that opens displays the current version and a check for updates is run. Thunderbird 92.x users who want to upgrade to version 102 should download the installer from the official project website instead of doing it.
Thunderbird 102.1.0: Security Update
The Official Security Advisories Page lists four security vulnerabilities that affect earlier versions of the Thunderbird email client. The highest severity rating is high, second only to critical.
Thunderbird shares its code base with Firefox, and several of the vulnerabilities do not affect Thunderbird as much as Firefox.
In general, these flaws cannot be exploited via email in the Thunderbird product because scripts are disabled when reading emails, but pose potential risks in browser or browser-like contexts.
Here is the list of vulnerabilities:
- CVE-2022-2505: Fixed memory security bugs in Thunderbird 102.1 (HIGH)
- CVE-2022-36314: Opening files
.lnkpremises can lead to unexpected network loads
- CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
- CVE-2022-36319: mouse position spoofing with CSS transforms
None of the security vulnerabilities are actively exploited.
Thunderbird 102.1.0 makes the following non-security changes:
- POP message downloads were not displayed by the activity manager.
- Problem displaying Mail Folder Properties dialog which cut off content.
- News posts that have expired did not display an error message.
- Calendar column selector closed prematurely “after selecting/deselecting a single column”.
- Various unspecified UI improvements.
Thunderbird users may wish to upgrade the email client as soon as possible to fix security issues.
Now you: Do you use Thunderbird? If so, which version?