Thunderbird users who use a Master Password in the application to protect passwords may have been exposed to a password deletion issue in recent versions of the email client.
The major release introduced new functionality and made some changes to Thunderbird; one of those changes migrated the security databases key3.db and cert8.db used to store passwords and certificates to key4.db and cert9.db.
Thunderbird installations affected by the issue had saved passwords and private certificate keys deleted. The issue affected installations with master passwords. Master Passwords are not used by default but may be enabled in the Thunderbird email client to improve security.
Thunderbird users need to open Tools > Options > Security > Passwords to protect passwords with a Master Password. Just check the "use a master password" box on the page and follow the instructions to add it to the program.
The development team notes that affected users may restore a backed up version of the databases to regain access to passwords and private certificates. How that is done is not mentioned, however. The backups, with the .bak extension, are listed in the Thunderbird profile folder.
Affected users could rename the current file, e.g. key3.db, and rename the backup file key3.bak afterward. It is not clear if that is the method that the team suggests; make sure you back up all files before you proceed.
Thunderbird 60.3.3 fixes three additional issues:
The version of the email client has three unresolved issues:
Users who run Thunderbird may notice that it is not offered currently when they run a manual check for updates under Help > About Mozilla Thunderbird. The official download page on the project website lists 60.3.2 as the latest version as well.
The new release is available on Mozilla's FTP though.
Tip: Find out how to migrate from Thunderbird 32-bit to 64-bit. Note that Thunderbird is offered as a 32-bit version officially only currently on Windows.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.