Thunderbird 78.10.2 is out with security fixes and usability improvements
MZLA Technologies Corporation released a new version of its Thunderbird email client on May 17, 2021. Thunderbird 78.10.2 is a security update but it also includes usability improvements and a number of bug fixes.
The new version is already available and users who have not turned off automatic updates in the email client should see it pop up on their screens automatically. A quick check of Help > About Thunderbird displays the current version of the email client and the option to check for updates and install them if that has not happened automatically already.
Thunderbird users who prefer to update manually find the latest download link on the official project website.
Thunderbird 78.10.2 addresses two security issues in the client. Both are rated with a severity rating of low and only affect certain OpenPGP use cases according to the security advisories page.
CVE-2021-29957: Partial protection of inline OpenPGP message not indicated
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.
CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master password protection
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions.
As far as improvements are concerned, there are two. The first adds a preferences icon to the email client's add-ons manager to indicate that an options page is available. Users had to click on the extension previously to find out whether one is available, and it was quite easy to miss the options page because of that.
The second improvement adds the option to import OpenPGP keys without a primary secret key.
Thunderbird 78.10.2 includes the following fixes and improvements next to that:
- Fixed that OpenPGP messages with a compression ratio of over 10 could not be decrypted.
- The parsing of some OpenPGP user IDs failed.
- The selected OpenPGP was lost when the Key Properties dialog in the account settings was opened.
- Improvements to "OpenPGP partial encryption reminders".
- Fixed the troubleshooting information page on Mac OS as it did not display row labels.
- The mail toolbar buttons were too big when icons and text was displayed.
Now You: have you upgraded to the new version already?Advertisement