Thunderbird 68.8.0 is out with bug and security fixes
MZLA Technologies Corporation, a wholly owned subsidiary of Mozilla Foundation, has released Thunderbird 68.8.0. The new version of the open source cross-platform email client is available for all supported operating systems.
Existing users of Thunderbird may select Help > About Thunderbird to run a check for updates from within the client. The new version should be detected, downloaded and installed. New users and those who prefer to download and install updates manually find the latest version on the official Thunderbird project website.
Note: Thunderbird 60.* installations will only be offered the upgrade to Thunderbird 68.* if the calendar extension Lightning is installed. A manual installation of Thunderbird 68 works in any case though. Some extensions may not be compatible with the new version.
Thunderbird, which is based on Firefox code to a large degree, follows the release schedule of the Extended Support Release version of Firefox known as Firefox ESR.
Thunderbird 68.8.0 is a bug fix and security release. The security advisory website lists six vulnerabilities in total that have been fixed in the new version. Two of the vulnerabilities have received the highest severity rating of critical. The other ratings are 1 high, 2 moderate, and 1 low.
- CVE-2020-12387: Use-after-free during worker shutdown (critical)
- CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0 (critical)
- CVE-2020-6831: Buffer overflow in SCTP chunk input validation (high)
- CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' (moderate)
- CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (moderate)
- CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode characters (low)
The team lists six fixed bugs and issues in Thunderbird 68.8.0 that are not security-related on the release notes page.
- Two account manager fixes: the first corrects a text fields issue that displayed them too small in some cases. The second that the authentication method did not update when SMTP servers were selected.
- Links with embedded credentials would not open on Windows devices (e.g. https://username:[email protected]/)
- Thunderbird would sometimes sent messages with "badly formed addresses" when addresses were added from the addressbook.
- Screen readers were reporting too many activities from the status bar.
- Setting IMAP messages as read with "borwser.messages.updated" in extensions failed to persist.
Now You: Have you updated Thunderbird already or are you still using an older version / different client?
I have frozen Thunderbird at 52.9.1 for quite awhile because later versions inactivate extensions I don’t want to be without. Thunderbird went the same way as Firefox did: killing extensions and configs I didn’t want to be without. Many individuals who wrote desirable extensions just didn’t have time to keep upgrading them to meet changing requirements.
I moved to v68 earlier this year – after deciding that there were enough compatible extensions (search for ’68’, also see https://addons.thunderbird.net/en-US/thunderbird/collections/repliqu%C3%A9/thunderbird-68/) – and no problems so far.
@Max: Do you know of any way to arrange TB’s message list like Outlook – i.e. in two rows for each message, with subject/date in the first row and a message preview snippet in the second? Either an extension or some CSS hack would do!
The most obvious thing but they donâ€™t seem to really intend to do anything in that direction anytime soon. Maybe someone is paying them to keep their product ugly and not user-friendly.
@ShintoPlasm – looks like a request for that is still pending after 15 years https://bugzilla.mozilla.org/show_bug.cgi?id=307070
I decided to move to v68 today. There are some addons that no longer work, but most of the ones I rely on have been ported over.
The next major release is going to break things all over again though.
I so wish Thunderbird had inbuilt Exchange Web Services (EWS) and Microsoft Graph support for business customers.
This is great new! I really think it is the best email manager.
If only they could stop the nonsense with addresses (1 by line) and allow to write them next to each other…
@Franck: Someone else has already raised the option here – that someone might be *paying* the TB devs to keep their UI pug-ugly… Otherwise I can’t imagine why their UI is still so primitive…
@Franck, multiple address message compose lines is available in beta, and will ship more broadly in release 78.
I keep v52 because keeping Thunderbird in tray is a basic functionality for me, and I’m using a legacy add-on for that (FireTray).
I plan to use birdtray instead so that I can update Thunderbird, but birdtray is only available for Ubuntu 19.10 and later, I’m still in 18.04LTS.
v52 ?! https://addons.thunderbird.net/en-US/thunderbird/addon/minimizetotray-reanimated/?src=userprofile works on v60.9.1!!!
I’m waiting that the minimizetotray found on TB beta to pass to the release channel!!!
@anonymous, tray support is available in beta Windows and will ship more broadly in release 78. Unclear yet what will happen on the Linux side – a lot depends on what Linux-sperts are able to provide.
I wish I could fork it and call it ANGRYVULTURE, with an angry vulture holding part of some road kill in it’s beak.