Thunderbird 91 is available as a manual upgrade
Thunderbird 91, a new major version of the open source cross platform email and communication client, has been released. The new version of Thunderbird is not yet available via the email client's integrated updating functionality.
Users interested in the new version need to download and install it manually; existing installations of Thunderbird will be upgraded in the process to the new version.
Similarly to how Thunderbird 78.x was released, Thunderbird 91 will be offered via the integrated updating functionality eventually.
Thunderbird 91
The installation of Thunderbird 91 is straightforward. Download the version from the official Thunderbird website and run the downloaded file afterwards.
Existing installations should be detected automatically and the installation or upgrade should progress without issues.
Thunderbird 91 is a new major version, which introduces new features and changes. The email client is the first to support Apple Silicon CPUs natively, which benefits Mac OS users.
The program makes use of multiple processes by default now, similarly to how Firefox introduced support for the feature a long time ago.
The email account setup process has been improved in the new version of Thunderbird. The email client supports CardDAV address books now, and will detect these automatically based on the email address the user provides. Similarly, remote calendars will be detected automatically to streamline the setup process.
If you set up a Gmail account, Thunderbird will detect the address book and calendar, if available, to suggest to import the data right away.
The team added a new redirect option to the email client. You find it when you select the More button when viewing an email, or when right-clicking on emails, as it is listed in the context menu.
Mail redirects work similarly to mail forwarding, but with several differences. Redirected emails retain the original email body and subject, whereas forwarded ones are changed somewhat.
Another useful feature of Thunderbird 91 is the ability to change the order of accounts in the user interface; this can't be done in the main window. You need to open Tools > Account Settings, and use drag & drop to sort accounts.
Smaller features of Thunderbird 91
- Support for Latvian language.
- Attachments are no longer listed in the header area, but at the bottom of the email window.
- Compose window may show empty CC and BCC rows.
- Warning popups when
- an email address may not exist.
- public recipients exceed thresholds.
- Support for non-ASCII characters in recipient addresses.
- Support for X-Unsent: 1 header to open saved emails in compose windows for editing.
- Context menu to expand mail list pills in the compose window to the list of recipients.
- Quick Find is available in the multi-message view.
- New keyboard shortcuts to access To, CC and BCC fields in the compose window (use Ctrl-Shift plus T, C or B to jump to the fields).
- Folder views can be pinned to the Folder Pane.
- About:support displays installed language packs and dictionaries.
- PDF.js viewer integrated in Thunderbird to view PDF documents in the email client.
- OpenPGP changes
- Option to disable encrypting saved drafts.
- Copy Key ID added to context menu of Key Manager.
- Encrypt mail to BCC recipients.
- Support for Outlook contacts. Need to set ldap_2.servers.outlook.dirType to 3 in the advanced configuration.
- Support for Matrix servers (Beta, set chat.prpls.prpl-matrix.disable to FALSE to enable in advanced config).
- Suggestions for incompatible/discontinued add-ons.
- Calendar:
- Colors now displayed in selection dropdown.
- New Edit context menu item.
- Double-click to open ICS files.
- Thunderbird is a file handler for webcal URLs.
- Filter and sort items are imported in the import dialog.
- Prompts when no identity matches the attendees list of an event invitation.
- mid: URL scheme supported for Related Links.
- Per-Calendar and global notification settings.
- Undo and redo support for event and task creations/deletions.
The list of changes is equally long. Names of some features were changed: the master password is now called primary password, add-ons was renamed to add-ons and themes, and options is now called preferences.
Account setup happens in a dedicated tab now, and red indicates invalid email addresses in compose windows exclusively now (opposed to highlighting all emails not found in the address book).
Thunderbird may start more quickly as chat and custom widgets are lazy-loaded.
Here are the other changes:
- A click on a selected email address in the compose window allows you to edit it.
- Folder pane color scheme changed, focusing on readability.
- SMTP protocol, LDAP protocol and sending backend implementations rewritten in JavaScript.
- Message sending will fail if any of the recipients are not accepted by the SMTP server.
- SMTP server errors are shown now.
- UI customization options moved to View menu.
- Movemail and WeTransfer FileLink support removed.
- Enterprise policies updated.
- Printing UI updated.
- Image-based emoticons replaced with Unicode.
- Summary dialog displayed when opening existing events.
- CalDAV is the default if supported by the server.
The developers have fixed a significant number of issues besides all that. You find them listed on the official release notes page.
The developers list one issue: OTC chat encryption fails on 32-bit Windows builds.
Now You: what is your take on the new Thunderbird 91?
Thank goodness they haven’t switched to proton, it’s bad enough that i had to spend a day undoing that mess on FF, i wasn’t looking forward to having to do the same with TB.
All that changes, and still no multi-line message list?
LOL, they’ve followed Firefox in turning on pdfjs.enableScripting by default. That means JavaScript is now allowed to run in PDFs opened right inside of Thunderbird. There are enough spam / malicious e-mails already using PDFs to infiltrate systems, so the question is, were the Mozilla developers lucid when they decided to have this enabled by default? I doubt it.
If you care about your security, set pdfjs.enableScripting to FALSE.
Does T-bird follow the config settings of Firefox (which I have this set to false)? If not, how to set pdfjs.enableScripting in T-bird?
Dave>
I’m on 78 and don’t have the setting mentioned. pdf’s are opened with Sumatra (my windows default) as they always have been. The windows box you’ve probably seen a million times
Open with
Save file
etc
pops up.
I looked in the config editor Options>General>Config editor
and found a setting you may want to make false
browser.pdf.launchDefaultEdgeAsApp
I think this tries to launch Edge for pdf’s. Not sure since due to a Windows update bug, I don’t have either edge installed. If some of the recent updates are done offline, oldedge is uninstalled and new edge not installed. Not a bug to me! :)
Not going to 91 until it’s had some time to dry out a little and will keep the new, improved pdf weirdness in mind. Don’t like it particularly.
@ULBoom
> I’m on 78 and don’t have the setting mentioned.
You don’t have the setting because Mozilla added pdf.js in Thunderbird 91.0, Thunderbird 78 does not contain the component.
@Dave
You can access Thunderbird’s about:config “Config Editor” here:
https://dwaves.de/wp-content/uploads/2019/12/Thunderbird-68.3.0-disable-JavaScript-Screenshot-at-2019-12_2-Advanced-General-Config-Editor-1024×754.jpg
Preferences –> Advanced –> General –> Config Editor
Search for pdfjs.enableScripting in the search bar of the “Config Editor”.
Firefox and Thunderbird are different applications and store their settings in different files – just because you have toggled a setting in Firefox, doesn’t mean that it is also toggled in Thunderbird.
Quote:
“That means JavaScript is now allowed to run in PDFs opened right inside of Thunderbird.”
FYI
“The internal PDF viewer (based on pdf.js) converts the PDF to HTML. There is a possibility that a PDF could be crafted to trigger some kind of vulnerability in that conversion code, but it would have to be a different kind of attack from ones affecting native applications like Adobe Reader/Acrobat or Apple Preview. Also, you may feel more comfortable knowing that if the PDF contains JavaScript for an Adobe application, that is disregarded by the pdf.js viewer.”
Source: https://support.mozilla.org/en-US/questions/1285774
JavaScript for Acrobat APIs is not only a bit different compared to Browser support for JavaScript APIs
https://developer.mozilla.org/de/docs/Mozilla/Add-ons/WebExtensions/Browser_support_for_JavaScript_APIs
but also can handle a bunch of other things.
https://opensource.adobe.com/dc-acrobat-sdk-docs/
and that is what malicious code is primarily aimed at!
@ghacks.team
It seems that you are having encoding problems with Unicode symbols and certain language characters lately.
@Emil Brausewetter
You don‘t need JavaScript in the vast majority of PDF files, just disable it. Plus, it never seems to occur to you that Thunderbird can be attacked directly, one can even reuse Firefox exploits for this.
Thunderbird uses Amazon Web Services (AWS) to host its servers and as a content delivery network. Your device’s IP address is collected as part of AWS’s server logs.
@Klaas Vaak
Hey Klaas, long time no see. How are you?
As for your comment, I think a VPN would mitigate this concern (IP address leak). Also, a great part of the web has AWS in the background, I think avoiding them is next to impossible.
@Iron Heart: great to hear from you again. I have not commented much lately because the subjects were not relevant for me – I am on MacOS.
I hope you are keeping well, esp. with the ongoing Covid saga.
As for AWS, thanks for pointing that out. I must say I was a bit shocked when I read it. I used TB for quite a few years, then when I switched to MacOS in 2019 I started using its Mail app, though I am not too comfortable with it, and of course that passes through the Apple servers.
I don’t think a VPN service is the appropriate thing for email because the individual emails pass through the AWS servers, probably get copied, incl. the contents.
Anyway, I may well revert back to TB; after all, I am not using Apple’s browser Safari either, I am using a much more privacy oriented one where I can add extensions – it starts with a B and ends in an E ?
@Iron Heart: great to hear from you again. I have been quiet comment-wise because there was not much for me to comment on.
Hope you are well, bearing up under the strain of the Covid saga and all that.
Thanks for the comment about AWS. I was somewhat shocked to see TB uses it, esp. since I used TB for quite a few years till I moved over to MacOS in 2019 and started using their Mail app.
I might revert back to TB; after all, I am not using Apple’s browser Safari either, I am using a much more privacy-oriented browser: starts with a B and ends with an E. ?
@Klaas Vaak
No worries, health-wise, I am fine. I was not affected that much by what is going on in the outside world because, due to my living circumstances, I was able to self-isolate fairly well. During the pandemic, I closely followed the developments re. user privacy around the world, because digital countermeasures aimed at preventing disease spreading have raised new privacy concerns, some valid, some not so much. This touches on a topic I’ve already been interested in before the pandemic, so it was an excellent opportunity for me to learn more. Making lemon juice out of lemons, so to speak.
I think you are misunderstanding the part of the privacy notice where Mozilla talks about AWS: https://www.mozilla.org/en-US/privacy/thunderbird/
They use AWS to host their web services like the add-on updates and add-on website, to distribute blocklist updates etc. Your e-mails aren’t being uploaded to AWS, Thunderbird contacts the incoming / outgoing servers of your e-mail provider directly. The privacy of your e-mails is dependent on the privacy policy of your own e-mail provider and not so much on Thunderbird.
The only time Thunderbird will “phone home” in regards to your e-mail address is when you set up a new e-mail address, Thunderbird contacts a Mozilla database containing known incoming / outgoing servers for every popular e-mail provider, in order to simplify the setup process (you’d otherwise have to input the servers manually). Within this process, your e-mail address and IP address might be transmitted to Mozilla. That doesn’t mean that they have your e-mails, though. As I said, as far as mail delivery (incoming / outgoing) is concerned, Thunderbird communicates with your provider directly.
Some e-mail applications do have a “Send later” functionality where your e-mail is channeled from the servers of your own provider to the servers of the developer of the e-mail application, from where your e-mail will then be sent at the time you’ve set. This is done in such an artificial manner because the e-mail protocol in itself doesn’t have a “send later” functionality. Spark and AirMail are known to offer this, it might be a privacy concern because it introduces yet another party to your communications. Thunderbird does not have such functionality (which is the only functionality for which I could imagine that your e-mails get uploaded anywhere) and this is therefore not a concern for Thunderbird.
In general, if you are worried about your real IP address leaking, e.g. a leak to your own e-mail provider, use a VPN. Hope this helps.
@Iron Heart: may thanks for that detailed explanation, you set my mind at ease. My misplaced privacy concern about TB and AWS is probably more relevant to Apple and its Mail app.
> The only time Thunderbird will “phone home” in regards to your e-mail address is when you set up a new e-mail address, Thunderbird contacts a Mozilla database containing known incoming / outgoing servers for every popular e-mail provider, in order to simplify the setup process (you’d otherwise have to input the servers manually). Within this process, your e-mail address and IP address might be transmitted to Mozilla.
Neither e-mail address nor IP address are transmitted.
@Wayne
You don’t know what you are talking about, frankly. Let me point you to Mozilla Thunderbird’s privacy policy again:
https://www.mozilla.org/en-US/privacy/thunderbird/
There it says, literally:
“Set-Up and Configure Your Email
Thunderbird collects your email domain and other technical data to set-up and configure your email account. Other information, like your name, your email messages, and your account’s address book are stored locally on your computer and never sent to us. Learn more here.
Email domain: Thunderbird receives your email address domain. Your full email address is never processed or stored on our servers (unless you choose to share it when you send a crash report).
Technical data: Thunderbird also receives information about the application’s version and device operating system. When Thunderbird sends technical data to us, your IP address is temporarily collected as part of our server logs.”
So both the e-mail address and IP address are initially being transmitted. Inform yourself.
@Iron Heart: sorry for my double reply, don’t know what went wrong.
Installed the (manual) update yesterday and all is well.
The improvements are quite noticeable and work as expected. ?
Why upgrade the Mozilla Thunderbird version number from 78.13.0 to 91?
Has that to do with the latest release of the Mozilla Firefox browser being 91?
I still think that outlook 2019 has a better user handling the options flow!
Technical and with the add-ons Thunderbird has become the more superior software but concerning the handling of the function Outlook 2019 is much (Easier to handle) better.
> Why upgrade the Mozilla Thunderbird version number from 78.13.0 to 91? Has that to do with the latest release of the Mozilla Firefox browser being 91?
Yes. Thunderbird do not ship all the version numbers because Thunderbird follows the Firefox numbering, but only ship the equivalent of Firefox *ESR* releases. Firefox was at 78 ESR but just shipped 91 ESR, thus, so did Thunderbird. (It’s been like this for the past 5-6 years. Note also, Thunderbird is a community project – Mozilla doesn’t manage, plan nor build it, but the community uses Mozilla resources to deliver it.)
There is a major bug/mistake when upgrading from T-78 to T-91: You no longer can create a google account with login name as “[email protected]”. Thundebird now uses mandatory pop up session to “verify” imap and smtp. And the popup will fail on smtp port to smtp.google.com. If your username is just google_username, then the account creation works.
Users can still use google.com webmail to send. But that’s nothing to do with Thunderbird. With this “major upgrade”, Thunderbird effectively blocks access to google account with username with @. Permanently.
Anyway to report this design bug to Thunderbird? Don’t think they even know this details.
@George W,
That would not be a bug. You will want to contact your tech support, or file a support request at https://support.mozilla.org/en-US/questions/new/thunderbird/form
What a disaster!
Mac OS X 10.11.6, Thunderbird 78.14. it showed update to 91 available, I let it update, BANG!
v91 DOESN’T WORK on 10.11.6, but apparently TB doesn’t check the active OS version before updating. !!!
A reinstall of 78.14 solved it..
What a bunch of asshats programs this thing???
TB 91.2.0 upgrade has removed in my opinion the single most important safety and beneficial feature in the entire email client application the PRINT PREVIEW option providing the ability to read an email without opening it. Now there is only a PRINT option which either displays a 2 page Welcome to Thunderbird letter or a Blank screen is displayed.
Everytime I drag an image file to the email window I scream FUCK and have to delete the attachment and re-drag the image file in. I cannot get used to that damned Inline/Attachment choice. Let me set in preferences inline as normal, and option drag for the attachment. Plus for an in-progress typing of an email I can’t just drag an image to a certain place in the email anymore. I have to pick one or the other then drag the image up into the email where I want it. Going back to 78.
Oh, and by the way, if you want to downgrade back to 78 you will be rebuilding your profile folders by hand or setting up your accounts all over again. 91 changes your profile folder and the only option when trying to launch 78 is QUIT.
How do you control how a linked pdf is opened/saved? As in, a link given in the body of the message, not an attachment? It’s opening automatically in Firefox (my default), meaning the sender is essentially getting a read return, as well as a browser fingerprint. How do I get it to either open in a Thunderbird tab (I changed something & it’s not changing back), or just download the pdf to my computer from within Thunderbird, to at least avoid the browser fingerprinting? Right-clicking on the link only offers to save the link, not the file.