Thunderbird Email Client News Archive

You can verify which version of Thunderbird you are running by launching the program on your system and selecting Help > About Thunderbird from the menu at the top.

If automatic updates are enabled, any new versions get picked up automatically and will be downloaded and installed.

Release notes

Here is the collection of the most important release notes links that you can use to look up information on the Mozilla website.

• 2.0.0.0
• 3.0
• 3.1
• 5.0
• 6.0
• 7.0
• 8.0
• 9.0
• 10.0
• 11.0
• 12.0
• 13.0
• 14.0
• 15.0
• 16.0

Thunderbird 2

There have been some major changes to the appearance and features of Thunderbird such as the ability to tag emails which works almost the same way as tagging bookmarks at del.icio.us for example.

The interface was redesigned with new icons which look way better than the old ones. Everything looks more friendly to the eye. (I like the flame which is the new symbol for junk mails).

The search reacts now like those nice Ajax scripts that you find anywhere on the web nowadays. It displays results as you type which makes it easier to find emails during searches. I did not have much time to play around with all settings but for the time being I think that the new release is a major improvement. Seems to react a lot faster during program start and mail retrieval.

• Message Tags
• Improved visual theme.
• Back and forward buttons to navigate through the message history.
• Different folder views.
• Popular web mail service wizard for easier integration.
• Improve email alerts and support for extensions.
• Find as you type

Thunderbird 2.0.0.5

There have been only two security fixes in this version of Thunderbird but 21 bug fixes which should get rid of some bugs that caused headaches for some users of Thunderbird. The rumbling edge website has a detailed list of all the fixes of this version with links pointing to explanations if needed. The security fixes have been the following:

• Fixed: MFSA 2007-18 - Crashes with evidence of memory corruption (Critical)
• Fixed: MFSA 2007-23 - Remote code execution by launching Firefox from Internet Explorer (Critical)

Thunderbird 2.0.0.6

The same security vulnerabilities that have been fixed in Firefox 2.0.0.6 have also been fixed in Thunderbird which means that you should update immediately to the latest version. As far as I can tell there are no new features in this version, at least all my extensions are still working fine.

The Rumbling Edge lists the following three fixes for Thunderbird 2.0.0.6

Fixed: MFSA 2007-27 - Unescaped URIs passed to external programs (Critical)
Fixed: MFSA 2007-26 - Privilege escalation through chrome-loaded about:blank windows (Moderate)

Thunderbird 2.0.0.9

The Rumbling Edge lists 39 improvements over version 2.0.0.8 which is also only available on the ftp site at the moment. Nine improvements have the critical status which means the upgrade should be performed as soon as possible. There is no word yet as well if this is the release version or yet another release candidate version for testers only.

It seems to work fine and I was not able to spot any problems thus far using it.

Thunderbird 2.0.0.12

The new version is already available for all supported operating systems and languages. The Rumbling Edge reports 25 fixes and improvements over the previous version. The release notes however are not official. The official ones will be released with the announcement on the Mozilla homepage.

Oh, if you are wondering why the new version is called 2.0.0.12 and not 2.0.0.10 or 2.0.0.11. That's an effort to synchronize Firefox and Thunderbird versioning once again.

Thunderbird 2.0.0.14

Several bugs and two security issues have been fixed in Thunderbird 2.0.0.14 and it is advised to update the email client as soon as possible. The security issues that have been fixed in Thunderbird 2.0.0.14 have been classified as moderate. They fix crashes with evidence of memory corruption and one JavaScript privilege escalation and arbitrary code execution.

The seven other issues that have been fixed can be found at the Rumbling Edge website. One random crash has been fixed for instance. If your check for updates does not find a new version head to the official Thunderbird website, the new version is already provided as a download on the main page there.

Thunderbird 2.0.0.16

The new Thunderbird update is a security release that fixes 6 moderate and 2 low vulnerabilities which obviously means that it is recommended to update the email client as soon as possible to patch the security vulnerabilities.

You could head over to the Security Advisories to read up on the security vulnerabilities that the Thunderbird team fixed in the issue, the release notes on the other hand do not reveal any additional information about this release. Happy Updating!

Thunderbird 2.0.0.17

The update is a security update and it is therefor recommended to update immediately if Thunderbird is installed and in use on a computer system.

Interested users can take a look at the release notes for the new version which contain a link to the security issues that have been fixed.

The update fixes the following two critical and five moderate security vulnerabilities that can be exploited in earlier versions of the mail client:

• MFSA 2008-46 Heap overflow when canceling newsgroup message
• MFSA 2008-44 resource: traversal vulnerabilities
• MFSA 2008-43 BOM characters stripped from JavaScript before execution
• MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
• MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
• MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
• MFSA 2008-37 UTF-8 URL stack buffer overflow

The update checks in the email client can be used to download the latest version. Users find that option in the Help > Check for Updates menu in Thunderbird.

Thunderbird 2.0.0.18

The following security issues have been fixed:

MFSA 2008-46 Heap overflow when canceling newsgroup message
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow

Thunderbird 2.0.0.19

Update: Thunderbird 2.0.0.19 fixes seven security vulnerabilities.

• MFSA 2008-68 XSS and JavaScript privilege escalation
• MFSA 2008-67 Escaped null characters ignored by CSS parser
• MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
• MFSA 2008-65 Cross-domain data theft via script redirect error message
• MFSA 2008-64 XMLHttpRequest 302 response disclosure
• MFSA 2008-61 Information stealing via loadBindingDocument
• MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

Thunderbird 2.0.0.21

Everyone else will have to sit tight with an insecure version of Thunderbird until the official distribution process has been completed and the update is officially announced.

Some add-ons might stop working after installing Thunderbird 2.0.0.21. You could try and change the allowed version number manually or wait for the software developer to update the add-on for the email client.

Thunderbird 2.0.0.23

The Mozilla Thunderbird development team has released an important update for the Mozilla Thunderbird email client. The upgrade which will increase the version of the email client to 2.0.0.23 includes one critical security fix that was reported by security researcher Dan Kaminsky. The compromise of SSL-protected communication vulnerability allows attackers to obtain certificates that would function for any site they would like to target.

IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions.

Begin Thunderbird 3.0 Releases

Thunderbird 3.0

After several beta versions and two release candidates the final version of the popular desktop email client Thunderbird 3 has finally been released to the public.

The developer's have not published a changelog detailing the changes between the second release candidate and the final release. The short time between both releases suggests that not much has been changed since then.

Thunderbird users who are still running Thunderbird 2 and other interested users might want to read up on the new key features of the email client:

• Tabbed Email: Provides the ability view individual emails and folders in tabs, and web pages via add-ons in tabs so users can quickly jump between them, just as one manages web pages in Mozilla's Firefox. Folder tabs are remembered, so Thunderbird starts up pre-configured and personalized to each user.
• Filtered Search: Designed with search in mind, the new search interface in Thunderbird 3 contains filtering and timeline tools to help users quickly and accurately pin-point the exact email by word matches, correspondents or even attachment types at the moment they need it, all based on analysis of the user's own emails.
• Message Archive: Archiving mail moves email from the inbox into the new archive folder system, de-cluttering the inbox while at the same time enabling users to find email months or years from now.
• One-click Address Book: A very quick and easy way to add people to an address book, by simply clicking on the star icon in the messages received from new correspondents.
• New Mail Account Setup Wizard: Getting started with Thunderbird 3 is faster than ever with the new account set-up wizard that requires simple information, like email addresses and passwords to get going instead of a user's IMAP, SMTP, SSL/TLS settings.
• Smart Folders: Combines individual mailboxes to help manage multiple email accounts in one spot. For example, by selecting the Inbox, users can view all the incoming emails from all their different accounts without having to go to each email account separately.
• Add-ons Manager: The new add-ons manager can help users find, download, and install hundreds of add-ons enabling them to customize Thunderbird 3 and add functionality or change the appearance.
• Better Integration with Gmail: Now integrates with international versions of Gmail and Gmail's special folders such as sent and trash.
• Better Integration with Windows and Mac OS X: Updated look and feel, improved import tools, search integration, and address book support for Windows 7, Vista and Mac OS X Snow Leopard.
• Gecko 1.9.1 Engine: The same Web page rendering engine and graphics infrastructure used in Firefox, provides the latest Web Standards support and security enhancements.
• Automated Updates: Thunderbird's update system notifies users when a security update is available and automates the download and installation process to keep users safe.

Thunderbird 3.0.1

Mozilla Thunderbird 3.01 is a security and stability release that fixes several issues in the email client. The list of changes lists 124 bugs that have been fixed in the new release including 25 bugs that have received a critical rating and 17 that received a major rating by the developers.

Most of the critical issues that have been fixed are related to crashes but there also have been some security fixes. Users who are planning to install Thunderbird 3.01 should take a look at the known issues before they do so to make sure that they do not run into problems using the email software.

Thunderbird 3.0.2

The next installment of the popular desktop email client Thunderbird has been released by the Mozilla Messaging team.

The full list of bug fixes and changes is accessible at the Rumbling Edge.

Thunderbird 3.0.3

In the case of Thunderbird 3.0.3 it is a single bug fix that fixes missing folders and an empty folder pane for some users who have updated to Thunderbird 3.0.2.

Thunderbird 3.0.4

Bugzilla reports a total of 82 bugs that have been fixed in Thunderbird 3.0.4, among them 19 critical and 6 major bugs. Most of the critical bugs fix crash related issues in the email client, good news for users who have been experiencing crashes on a regular basis.

* Several fixes to improve stability and security, see the Security Advisory.
* Several fixes to the user interface.

Mozilla Thunderbird 3.1.2

The developers consider the release a stability fix.

Bugzilla lists seven bugs that have been fixed in the new release. Two of the bugs have been rated as major, four as normal and one as minor. Three of the bugs affect only the Windows operating system, one each the Mac and Linux system, and two all supported operating systems.

Thunderbird 3.1.2 fixes the following issues in Thunderbird 3.1.1:

• Several fixes to improve stability.
• Several fixes to the user interface.

Thunderbird 3.1

Thunderbird 3.1 comes with several new and improved features including a quick filter toolbar to search and sort through mail folders in realtime, faster search results thanks to improved message indexing, an improved migration assistant to aid Thunderbird 2 users who migrate to Thunderbird 3.1 and a saved files manger that displays all files that have been saved in that session.

Thunderbird 3.1.1

A new version of the Mozilla Thunderbird email client is currently processed to be released later today. Thunderbird 3.1.1 fixes several security and stability issues, much like the new Firefox version that was released earlier today.

The release notes list stability and security fixes, as well as several fixes to the user interface. No further details are offered on that page.

Bugzilla lists a total of 93 bugs that have been fixed in Thunderbird 3.1.1, among them 12 critically rated bugs and nine moderate ones.

Mozilla Thunderbird 3.1.3

On top of the security and stability fixes, several fixes to the user interface have been made. Don't expect any noticeable changes though, the release's aim was to fix bugs, not to add or change features in the email client.

Thunderbird 3.1.4

We have already seen lots of updates this week; From the first beta of Internet Explorer 9, to updates for the Firefox web browser and Google Chrome updates. Lots of downloading, updating and testing for a week.

An update for the desktop email client Thunderbird was just released, raising the version of the email software to 3.1.4.

The version is considered a stability update, and therefor a recommended update for all Thunderbird users of the 3.x branch.

The release notes mention several stability updates and fixes to the user interface. A closer look at the bugs listed at the bug tracking service Bugzilla shows four fixes, including a fix for the bug that was earlier this day fixed in the Firefox web browser.

Several crash related bugs where fixed, especially one when new mail arrived and the user clicked either on the system tray icon, or the new mail notification information.

Thunderbird 3.1.5

So what's new in Thunderbird 3.1.5? According to the release notes of the beta, Thunderbird 3.1.5 includes several stability and security fixes, as well as fixes to the user interface of the email software.

Bugzilla lists a total of 59 buts that have been resolved in this new version of Thunderbird. Eleven bugs have received a critical rating, the second highest severity rating available.

Thunderbird 3.1.6

The security vulnerability that was discovered two days ago was fixed in the Firefox web browser yesterday with an emergency out of band update. The same vulnerability affects the Thunderbird email client as well, which is why the developer's have rushed an update for the email software.

How is Thunderbird affected by the vulnerability anyway? If you remember, the email client has browser-like capabilities, and that's where it becomes vulnerable. The user needs to open a website in Thunderbird that exploits the vulnerability. If the email client has not been upgraded the system could be compromised, and an attacker could get remote access to the local system.

Thunderbird users who do not use the browser-like features are safe, but should update anyway to eliminate the possibility of a successful attack.

Thunderbird 3.1.7

The security fixes alone should be reason enough for Thunderbird users to update the email client as soon as the new version gets released by the development team.

A quick look at Bugzilla lists a total of 84 different bugs that have been fixed in Thunderbird 3.1.7 including a total of 26 different critical issues and one blocker issue. Most issues listed are related to crashes in the email client.

Thunderbird 3.1.10

The release notes of the new version of the email client mention several performance, stability and security fixes without going into greater detail. The linked Security Advisory page does not list the changes in that new release yet, which leaves Bugzilla as the only source of information.

Bugzilla lists a total of 71 bugs that have been fixed in Mozilla Thunderbird 3.1.10, of which two have received the highest possible rating blocker. Additionally, 16 of the issues listed have received a severity rating of critical, and another four one of major.

Several of the fixes appear to be language related, for instance crash fixes when spell checking with French or Hungarian dictionaries, or update crashes when localized strings excess certain parameters.

Just check Bugzilla for the full list of fixes in this version of Thunderbird. The release, unlike that of Firefox 4.0.1 is already available for download at the official Mozilla Messaging website.

Newer Releases

Thunderbird 5

The final version of the desktop email client Thunderbird 5.0 has been released by Mozilla.

With the streamlining of the release cycle with the Firefox browser come additional similarities. Thunderbird now sports the very same add-on manager that Mozilla added to the Firefox browser earlier.

The email account creation wizard has been revised to improve the setup of new email accounts in the program. See the list below for a full list of changes in Thunderbird 5.

• New Addons Manager and extension management API (user interface will be changed before final release)
• Tabs can now be reordered and dragged to different windows
• Revised account creation wizard, offering improved set-up
• Attachment sizes now displayed along with attachments
  New troubleshooting information page to aid supporting and diagnosing problems in Thunderbird
• Plugins can now be loaded in RSS feeds by default
• Various other user interface fixes and improvements
• Support for Mac 32/64 bit Universal builds (Thunderbird Beta will no longer support PowerPC on Mac)

The big version jump from Thunderbird 3.1 to 5 will definitely render some addons incompatible. The easiest way to force compatibility is to install the Addon Compatibility Reporter extensions.

Thunderbird 6.0

By joining the rapid release cycle Thunderbird updates have become as frequently as those of the Mozilla Firefox web browser. It is therefor no surprise that Mozilla Messaging has just released version 6.0 of the email client Thunderbird on the same day that Firefox 6.0 was officially released. With that release, the release cycle is running in sync with that of the Firefox web browser.

So what is new in Thunderbird 6.0? The release notes, which are up already on the official website, list the following items that have been updated, changed or added to the email client.

• Thunderbird is based on the new Mozilla Gecko 6 engine
• Several theme improvements for Windows 7
• Support for Windows 7 Jump lists
• Several fixes when importing email from Microsoft Outlook
• Default mail client check now works with newer Linux distributions
• Various other user interface fixes and improvements
• Numerous platform fixes that improve speed, performance, stability and security

The feature list, as you can see, is rather small, and offers barely any new features for users of the email program. Windows 7 users benefit from jumplist support and theme improvements. Jumplists show up when a Windows user right-clicks on the icon in the taskbar. For now, Thunderbird users get links to their address book, writing a new message and the mailbox.

Thunderbird 7

The release notes list several changes and feature enhancements.

• Thunderbird is based on the new Mozilla Gecko 7 engine
• Several user interface fixes and improvements
• Several fixes to attachment handling
• Ability to print a summary of selected email messages
• Platform improvements to Address Book
• Fixed several security issues
• Numerous platform fixes that improve speed, performance and stability

Nothing major as you can, mostly under the hood improvements or changes that the majority of users might not even recognize.

The Welcome to Thunderbird page after updating or installing the new version lists additional features. I'm not sure if they all made their way into this version or if they have been available before. Thunderbird 7 starts up faster and is more responsive according to that feature listing. A new troubleshooting information page is listed there as well. It looks exactly like the page of the Firefox web browser.

Thunderbird 8

So what's new in Thunderbird 8? The beta release notes, which have been published last month list the following improvements:

• Add-ons installed by third party programs are now disabled by default
• Added a one-time add-on selection dialog to manage previously installed add-ons
• Improved accessibility of the attachment lists
• Several user interface fixes and improvements
• and numerous other platform fixes

The big new feature is the blocking of automatic installations via third party software programs. This is actually the same feature that made it into Firefox 8 released a few days ago. In addition, Thunderbird users now get a one-time dialog when the update in which they can manage installed add-ons. The email client will suggest add-ons that may not be compatible giving the user the choice to disable them to improve stability of the email client.

Update: The calendar add-on Lightning for Thunderbird has been released in version 1.0 as well today.

Thunderbird 9.0

The release notes list several fixed security vulnerabilities which make Thunderbird 9 a mandatory update for all users of the email client. The security advisories page lists a total of seven security vulnerabilities, of which one has been rated critical and the other six as moderate.

It is however relative unlikely that Thunderbird will see attacks exploiting the issue, as it uses a crash when scaling an Ogg video element to extreme sizes.

The remaining list of changes is not nearly as spectacular. Thunderbird 9 uses the new Mozilla Gecko 9 engine, and an opt-in system to send anonymous performance and usability reports to Mozilla. The data is used to improve future versions of the email client. This is the same feature that has already been implemented into the Firefox web browser.

Windows users can now show and hide the menu bar when they press the Alt key. The change log furthermore lists better keyboard handling for attachments without going into details as to what has been improved in the version.

The only other features listed in the change log are additional support for Personas, and "several user interface fixes and improvements".

Thunderbird 9 ships with another change that has not been mentioned in the release notes. Users who click on the Tools menu will notice a new Test Pilot entry there. This is a Thunderbird extension that the developers have installed in the email client. Test Pilot is used to "make Thunderbird better by running user studies".

Silently installing the extension without giving users options to opt-out during updating or installation is definitely something to be criticized. Thunderbird users can however uninstall the extension in the add-ons manager.

Thunderbird 10.0

Mozilla today, after releasing Firefox 10, has also released Thunderbird 10, a new version of the email software.

Thunderbird too is now flagging add-ons as compatible by default. Add-ons ship with minimum and maximum version compatibility information. The issue previously was that add-ons were flagged as incompatible if the author failed to update the version information in time. This made it difficulty for developers to keep their add-ons compatible with the latest releases.

Another change is the native integration of the Open Search extension in the email client. A right-click now displays an option to search for the selected term on the Internet. This is handled in the email client and not in the default system web browser.

The rendering component uses the Gecko 10 engine that the Firefox web browser uses as well.

Users who do not want their searches to open in the email client can set the preference mail.websearch.open_externally to true. This is done with a click on Tools > Options, switching to Advanced > General, clicking on Config Editor in the menu and filtering for the above preference. Just double-click it to toggle its value from false to true. Is there a way to disable web search completely? Not that I'm aware off. Maybe there is a preference but I have not found it yet.

Two new keyboard shortcuts have been added to Thunderbird 10, in addition to the changes outlined above. It is now possible to add attachments to messages with the Ctrl-Shirt-A (Command-Shift-A) shortcut. Named anchors can now be removed with Ctrl-Shift-R (Coammdn-Shift-R), and messages in the message reader and compose window can now be zoomed with the scroll wheel (Ctrl-Scroll Wheel).

Thunderbird 10.0.1

Thunderbird 10.0.1 is a stability and security release, and as thus a recommended update for all users of the messaging software.

The update is already available, and Thunderbird users can either download it from the official developer website or use their client's internal updater to download and apply it. A click on Help > About Thunderbird performs the update check and displays the current version of the program in a small window.

Lets take a look at the changes in Thunderbird 10.0.1.

The security advisory page over at Mozilla offers details on the issue that has been fixed in the update. It affected not only the email client, but also Thunderbird and SeaMonkey as well.

Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.

The change log lists several fixes to improve stability without going into further detail on the subject. Sören Hentzschel mentioned a crash in the client's importer when importing mails from Microsoft Outlook.

The release of Thunderbird 10.0.1 comes less than two weeks after the last update that moved the version of the email client to 10. Thunderbird 10 introduced a new right-click search option to search directly from within Thunderbird. Results are either displayed directly in Thunderbird in new tabs, or in the default web browser whichever is preferred.

Other changes include new keyboard shortcuts and an extension compatibility change that should reduce the issues that Thunderbird users have in this regard.

Thunderbird 11.0.1

Thunderbird 11.0.1 has been released by Mozilla Messaging only two weeks after the update to Thunderbird 11 has been pushed out to all Thunderbird users.

When you look at the changes in the Thunderbird 11.0.1 release you will notice that there are only two. That's not really surprising considering the time between the release of version 11 of the email program and this version. Both fix bugs in the email client that affect only part of the program's user base, and both are not security related.

The first fixes an issue that may cause hangs when handling IMAP mail.  It had been reported on March 7

frequently enough (1/10 or so) when I hit space or n, say yes to the prompt sheet to advance to next folder with unread (or, just click on a folder to switch to it) this results in a hang. server is exchange over imap hanging on central/central since sometime in January, I think ...a bit hard to narrow it down as the reproducibility is a bit random. Actually, the str could be something like: read stuff, idle for a minute, switch to a folder with no unread, hit space and yes to advance.

The bug report is difficulty to read, but it basically states that the email client hangs when reading emails when using IMAP.

The second fixes a issue that may cause filters that move mail to specific folders to be erroneously changed. This bug was filed on March 14, and has now been fixed in the latest version of the email program.

1. I have an imap account with roughly 50 filters - coincidentally the account that handles my bugmail 2. i accidentally moved one folder (drag and drop) tb-enterprise which has ONE filter pointing to it, such that it became a subfolder of another folder, which itself is a target of ONE filter. 3. after some drag mistakes, I got tb-enterprise back to it's original location as a subfolder of X in local folders 4. 10 hours later I find that many (~25) filters are now pointing to tb-enterprise - precisely, every filter BELOW the th-enterprise filter was affected

It basically corrects an issue with filters that may get changed by accident if you move folders that have filters pointing to them in the email client.

The change log lists one unresolved issue:

If you are unable to view content for your RSS feeds in the Wide View Layout, you may need to disable the Lightning Calendar add-on if you have it installed or switch to Classic View and restart Thunderbird

Thunderbird 12.0

Thunderbird 12.0 is a security and maintenance update for the email client. The official release notes mentions several security fixes without going into detail. The security advisories page that the announcement links to has not been updated yet with a list of security vulnerabilities that have been fixed in Thunderbird 12.0. This is likely going to happen soon though. For now, the information are not available.

The only new feature that the developers have added to Thunderbird 12.0 is that global search results in the browser now display message extracts in the results. I personally can't really see a difference to the way search was handled before in the email client. Maybe someone else who has spotted the difference can point me in the right direction on this one.

Thunderbird 12.0 furthermore includes various improvements to RSS feed subscriptions and general RSS feed handling. This includes a fix that makes sure that feeds are deleted cleanly and completely from the messaging client. Developers can now make use of different mail stores.

A full list of changes can be accessed here. The page lists all changes that have made their way into the Thunderbird 12 email client.

Existing Thunderbird users should check the known issues to make sure that they do not run into issues after the upgrade. Once issue affects users who view RSS feeds in the wide view layout with the Lightning add-on installed. The other that local mail folders and pop3 mail filters may "produce summary files that aren't correctly read by previous versions of Thunderbird". The developers recommend to delete the .msf files in the Thunderbird user profile directory before downgrading the client.

Thunderbird 12.0.1

With Thunderbird 12.0 having been released less than a week ago, it may come as a surprise to may that Mozilla Messaging is already preparing a follow up release to resolve several issues that became known after the release of Thunderbird 12.0 was already on its way out to the users.

Here is a list of issues that will be addressed in Thunderbird 12.0.1

• Pop3 Filters that move messages to IMAP folders do not work correctly most of the time. According to David Bienvenu, this is a "regression from the pluggable store work" implemented into Thunderbird 12. [bug 748090]

Pop3 filters that move/copy incoming messages to imap folders will not work, for the most part, except for the last message downloaded in get new mail operation. For this reason, it is probably best to disable such filters until this bug is fixed. Filters that are run manually should work.

• Message body not loaded when using fetch headers only if message is in a sub-folder. Messages in sub folders that are retrieved this way to do not load by clicking on the here button. All a user sees is a blank page, even the header with buttons is not displayed. [bug 748865]
• Received messages contain parts of other messages with movemail accounts. [bug 748726]
• New mail notification issues after upgrading to TB 12.  Users basically may experience notifications for emails that they have already retrieved. [bug 748997]
• Crash fix in nMsgDatabase [bug 748432]

Thunderbird 13.0

When you look at the changes and additions, you will notice that there are not that many. It needs to be noted that the developers have fixed several security vulnerabilities in Thunderbird 13, making the update a recommended one for all users of the desktop email client.

When you analyze the fixed security vulnerabilities you will notice that the developers have fixed four critical ones, two high ones, and one moderate vulnerability:

• MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
• MFSA 2012-39 NSS parsing errors with zero length items
• MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
• MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
• MFSA 2012-36 Content Security Policy inline-script bypass
• MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
• MFSA 2012-34 Miscellaneous memory safety hazards

As far as features go, the new file link option which allows Thunderbird users to store larger file attachments on file hosting services instead. Thunderbird would then replace the attachment with a file link pointing to that file on the file hosting site instead. The benefits should be obvious: it is now possible to send larger file attachments without having to worry about them bouncing back, and recipients receive emails faster as they do not have to download a large attachment first before they can do so.

At the time of writing, only YouSendIt is integrated into Thunderbird for that purpose. It is however likely that the developers will add other file hosting services in the near future. The method is identical to Microsoft's way of using the company's own SkyDrive service for large file attachments.

The second new feature is a cooperation of Thunderbird with the email service providers Hover and Gandi, that allows users to sign-up for a new email account right from within the Thunderbird application.

The feature is available under Account Settings > Account Actions > Add Mail Account. It is again a feature that the developers want to grow over time.

Lastly, the minimum system requirements for Thunderbird have changed to Windows XP Service Pack 2 or later.

Thunderbird 13.0.1

Busy day for Mozilla. After releasing Firefox 13.0.1 earlier, an update for the desktop email client Thunderbird was released as well bringing the version of the application to 13.0.1. The Thunderbird update, just like the Firefox update, is fixing select issues in the browser only.

You may remember that Mozilla earlier implemented a Filelink feature in the email client that allowed users to upload large file attachments to a file hosting service like YouSendIt or Dropbox to avoid bounced emails and a handful of other related issues (with Dropbox having been removed shortly after the introduction). Files uploaded to the YouSendIt host this way expired after 1 week automatically, which obviously needed to be corrected. The Thunderbird 13.0.1 update fixes the issue, so that files uploaded to YouSendIt do not expire after 1 week automatically anymore.

The remaining fixes in Thunderbird 13.0.1 are listed below:

• The prompt given when a password had changed sometimes referred to a network error rather than a change of password
• Some Linux users may have been unable to start Thunderbird from outside the installation directory
• Miscellaneous other stability and display updates

Especially Linux users who have noticed the issue mentioned should upgrade to the latest version of the email client as soon as possible to correct it. Thunderbird users who have made use of the Filelink feature will also benefit from the changes as a 1 week expiration date may have caused all kinds of issues. This includes requesting the attachment again if the email was opened after that one week period for instance.

Thunderbird 15.0

Since Firefox and Thunderbird use a synced release schedule, it comes as no surprise that the stable version of the Thunderbird email client has been updated today as well. While that may not be the case for much longer, with Mozilla moving priorities away from Thunderbird and all, you will at least get simultaneous releases until Thunderbird 17.

Thunderbird 15 introduces four new features or improvements over previous versions of the email program. Probably the biggest addition in the version is support for instant messaging and chat which moves Thunderbird towards an all in one messaging solution than a program that you can only use for email related tasks.

Before you can use Thunderbird for chatting and instant messaging, you need to set up at least one chat account or protocol before the option becomes available. Thunderbird 15 supports Internet Relay Chat (IRC), Twitter, Facebook Chat, Google Talk and XMPP. If you are using one of the supported options you can now chat in real time with contacts. Another interesting feature is the chat history which you can search right from within the Thunderbird interface.

What you will probably notice immediately are new theme elements taken from the Australis theme that is added to Firefox as well. In this version of Thunderbird, you get new toolbar and menu designs.

A new service provider has been added to Thunderbird's FileLink feature. The feature provides you with an option to park larger attachments on file hosting services instead of sending them directly as attachments. The benefit for this is a faster mail retrieval for the recipient, the ability to modify the file on the file hosting site (if permitted by the host), and the elimination of bouncing emails due to file size limits.The new provider is UbuntuOne, which you can now select when you set up online storage services in Thunderbird. Check out this guide to add the popular file hosting and synchronization service Dropbox as a provider. The fourth and final feature is a do not track option for Thunderbird's Search the web feature.

Thunderbird 15.0.1

Mozilla has just released an update for the email client Thunderbird that brings the version of the program to 15.0.1. An update shortly after a release, the Thunderbird 15.0 release dates back two weeks, is usually an indication of a bug  in the release that is causing issues for many of the program's users.

It is not uncommon that Mozilla has to push out updates shortly after a release. This just happened a few days ago when the company released Firefox 15.0.1, an update for the web browser that resolved a issue with the private browsing mode that did not work properly anymore.

The Thunderbird 15.0.1 on the other hand has nothing to do with that. The release notes list two issues that have been fixed in the new version. The fist addresses stability issues in the client when searching or forwarding emails, the second a fix for the find and replace feature and several other actions in the compose window that did not work properly in Thunderbird 15.0.

• Stability issues causing crashes when searching emails and forwarding emails (770262, 780908)
• Find and replace and some other actions in the compose window were not working correctly (787673)

The links point to Bugzilla where additional information about each issue are available. Existing Thunderbird users should get update notifications when they start up the email client the next time. It is alternatively possible to click on Help > About Thunderbird to check for updates manually. Thunderbird should pick up the update then and install it automatically on the system.

Thunderbird 16.0

Mozilla Firefox and Thunderbird are always updated at around the same time. It therefore comes as no surprise that Thunderbird 16.0 has been released a day after Firefox  16. The email client does not appear to be affected by the security vulnerability detected in Firefox 16 which got Mozilla to pull the web browser from the website with the recommendation to downgrade Firefox 16 to 15.0.1.

Thunderbird 16.0 comes with two feature additions, security fixes and various stability and performance related fixes. The client's filelink feature, introduced some time ago, has been updated with a new online storage service. The feature enables you to store email attachments on supported file hosting sites instead of sending them directly with the email. The main benefit here is that you do not have to worry about file size limitations and bouncing emails anymore. Recipients too benefit from this as they get the emails faster since they do not have to download the attachment right away.

The new storage provider integrated into Thunderbird is box.com which you can can configure by going to Tools > Options > Attachments > Outgoing.

The second new feature is the implementation of silent background updates which basically makes the email client download and install updates in the background, so that the next start and the final push at that time are not delaying the start up of the email client that much anymore. Windows Vista and newer version of Windows users furthermore benefit from a new maintenance service that gets installed on the system which enables Mozilla to bypass an UAC prompt that would otherwise appear during updates of the program.

A total of 13 different security related issues have been fixed in Thunderbird 16, of which 10 have received the highest vulnerability rating of critical.

• MFSA 2012-87 Use-after-free in the IME State Manager
• MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
• MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
• MFSA 2012-84 Spoofing and script injection through location.hash
• MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
• MFSA 2012-82 top object and location property accessible by plugins
• MFSA 2012-81 GetProperty function can bypass security checks
• MFSA 2012-80 Crash with invalid cast when using instanceof operator
• MFSA 2012-79 DOS and crash with full screen and history navigation
• MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
• MFSA 2012-76 Continued access to initial origin after setting document.domain
• MFSA 2012-75 select element persistance allows for attacks
• MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

Other notable changes include the fixing of a memory leak on some IMAP operations, scrolling improvements and various crash fixes.

Thunderbird 17.0.3

Mozilla's decision to put development of the Thunderbird email client on the back burner to concentrate on "more promising" projects like Firefox OS has caused quite the stir on the Internet and especially among Thunderbird users. That's despite the fact that there is not really a lot to add to the email client in terms of functionality or features, at least not those that are available on the frontend of the program.

The decision was made to involve the community - more - in the updating process to move Mozilla engineers to other projects. What this basically means for the next foreseeable future is a concentration on security fixes and major bug fixes, and not on adding new features to the email program.

Thunderbird is still following the same release schedule as the Firefox web browser, it comes therefore at no surprise that version 17.0.3 was released yesterday alongside Firefox 19. Please note that 17.0.3 is the version that the stable channel was updated to. It appears that beta channels are still increasing in full version steps.

So what is new in Thunderbird 17.0.3?

Mozilla fixed eight security vulnerabilities in the client. Four of the vulnerabilities have received the highest rating of critical, two a rating of high, and two one of moderate.

• MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
• MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
• MFSA 2013-26 Use-after-free in nsImageLoadingContent
• MFSA 2013-25 Privacy leak in JavaScript Workers
• MFSA 2013-24 Web content bypass of COW and SOW security wrappers
• MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
• MFSA 2013-22 Out-of-bounds read in image rendering
• MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

That's nothing compared to the 19 vulnerabilities that Thunderbird 17.0.2 fixed though. Still, if you are running Thunderbird make sure you update the program as soon as possible to protect your system from attacks targeting those vulnerabilities.

The only other issue fixed in this version of Thunderbird repairs that attachments sometimes could not be removed using the keyboard. Check out the release notes for additional information.

Advertisement