Thunderbird 78.9.0 is a bug fix and security release
A new stable version of the Thunderbird email client has been released on March 23, 2021. Thunderbird 78.9.0 is a bug fix and security update for all stable versions of the email program (Mac, Windows and Linux). The update was released on the same day that the new Mozilla Firefox stable version was released.
The new version of Thunderbird is already available as a direct download from the official Thunderbird website, and as an in-browser update. Select Help > About Thunderbird to display the installed version and run a manual check for updates.
Thunderbird 78.9.9 fixes five security issues with severity ratings of high and moderate. High is the second highest rating after critical.
- CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read (HIGH)
- MOZ-2021-0002: Angle graphics library out of date (HIGH)
- CVE-2021-23987: Memory safety bugs fixed in Thunderbird 78.9 (HIGH)
- CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage (MODERATE)
- CVE-2021-23984: Malicious extensions could have spoofed popup information (MODERATE)
The remaining changes in the new Thunderbird version address various issues of previous client versions. The notification system got another fix in this release as it happened that old unread messages were displayed by it repeatedly during new mail events. Thunderbird users who use the integrated calendar may have noticed that it was not possible to remove recurring tasks; this has been fixed in Thunderbird 78.9.0 as well.
The address book received three fixes:
- The synchronization of read-only Google address books via CardDAV failed in previous versions; this is fixed.
- The importing of VCards with non-ASCII characters would fail; this is also fixed.
- The synchronization from Google address books could result in some values not being parsed; fixed as well.
The new update addresses an encoding issue for messages with quoted-printable and format=flowed. The issue is fixed, but existing messages may display some words that are not separated by a space as a consequence.
Messages that contained an anchor tag with an invalid data URI failed automatically when the send button was activated.
The developers made several accessibility improvements: some fields in the preferences were not readable in dark theme mode, and the input focus was not moved to the new tab when switching tab. Both of these are addressed in Thunderbird 78.9.0.
The release notes list a single known issues. The fix for new mail notifications not showing if unread messages from previous notifications were still there, has been removed. The team is working on a resolution.
