Thunderbird 102.1.0 fixes four security issues in the email client

0

Thunderbird 102.1.0 is now available. The new stable version of the email client fixes four security issues in the app and makes some minor changes alongside that.

image credit: Thunderbird

Thunderbird 102.1.0 is already available. Existing Thunderbird installations will install the update automatically, provided version 102.x is already installed. The Thunderbird 102.x version is recent and updates from the previous major version, Thunderbird 92.x, are not yet supported.

Thunderbird users can speed up installation by selecting Help > About Thunderbird from the menu. If the menu is not displayed, press the Alt key on the keyboard to display it.

The window that opens displays the current version and a check for updates is run. Thunderbird 92.x users who want to upgrade to version 102 should download the installer from the official project website instead of doing it.

Thunderbird 102.1.0: Security Update

Thunderbird 102.1.0

The Official Security Advisories Page lists four security vulnerabilities that affect earlier versions of the Thunderbird email client. The highest severity rating is high, second only to critical.

Thunderbird shares its code base with Firefox, and several of the vulnerabilities do not affect Thunderbird as much as Firefox.

In general, these flaws cannot be exploited via email in the Thunderbird product because scripts are disabled when reading emails, but pose potential risks in browser or browser-like contexts.

Here is the list of vulnerabilities:

  • CVE-2022-2505: Fixed memory security bugs in Thunderbird 102.1 (HIGH)
  • CVE-2022-36314: Opening files .lnk premises can lead to unexpected network loads
  • CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
  • CVE-2022-36319: mouse position spoofing with CSS transforms

None of the security vulnerabilities are actively exploited.

Thunderbird 102.1.0 makes the following non-security changes:

  • POP message downloads were not displayed by the activity manager.
  • Problem displaying Mail Folder Properties dialog which cut off content.
  • News posts that have expired did not display an error message.
  • Calendar column selector closed prematurely “after selecting/deselecting a single column”.
  • Various unspecified UI improvements.

Thunderbird users may wish to upgrade the email client as soon as possible to fix security issues.

Now you: Do you use Thunderbird? If so, which version?

Summary

Thunderbird 102.1.0 fixes four security issues in the email client

Article name

Thunderbird 102.1.0 fixes four security issues in the email client

The description

Thunderbird 102.1.0 is now available. The new stable version of the email client fixes four security issues.

Author

Martin Brinkman

Editor

Ghacks Technology News

Logo

Advertising

Share.

About Author

Comments are closed.