Thunderbird 102.1.0 fixes four security issues in the email client
Thunderbird 102.1.0 is now available. The new stable version of the email client patches four security issues in the application and makes some minor changes next to that.
Thunderbird 102.1.0 is already available. Existing Thunderbird installations will install the update automatically, provided that version 102.x is installed already. The Thunderbird 102.x release is a fresh one and updates from the previous main version, Thunderbird 92.x, are not yet supported.
Thunderbird users may speed up the installation by selecting Help > About Thunderbird from the menu. If the menu is not displayed, press the Alt-key on the keyboard to display it.
The window that opens displays the current version and a check for updates is run. Thunderbird 92.x users who want to upgrade to version 102 need to download the installer from the official project website instead to do so.
Thunderbird 102.1.0: security update
The official security advisories page lists four security vulnerabilities that affect earlier versions of the Thunderbird email client. The highest severity rating is high, the second-highest after critical.
Thunderbird shares its code base with Firefox, and several of the vulnerabilities do not affect Thunderbird as much as they do Firefox.
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
Here is the list of vulnerabilities:
- CVE-2022-2505: Memory safety bugs fixed in Thunderbird 102.1 (HIGH)
- CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads
- CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
- CVE-2022-36319: Mouse Position spoofing with CSS transforms
None of the security vulnerabilities are exploited actively.
Thunderbird 102.1.0 makes the following non-security changes:
- POP message downloads were not displayed by the Activity Manager.
- Mail Folder Properties dialog display issue that cut off content.
- News messages that expired did not show an error message.
- The column picker of the Calendar closed prematurely "after selecting/deselecting a single column".
- Various unspecified user interface improvements.
Thunderbird users may want to upgrade the email client as early as possible to address the security issues.
Now You: do you run Thunderbird? If so, which version?
I tried 102.1 to see if it would fix the problems with 102.x.x. namely the slowness of the response moving between emails and the very, very frequent “not responding” messages visible at the top left of the screen. Annoying doesn’t say it all. I’ve never run into this with thunderbird in all the years I have been using it
@ ivan rotkovitz
Sounds like a possibly corrupt mail DB. There were some issues in the latest versions.
Back up your Thunderbird profile.
Export all emails.
And import into https://portableapps.com/apps/internet/thunderbird_portable
This is portable so it won’t affect your current install of Thunderbird.
If everything goes back to normal uninstall then reinstall Thunderbird and import the emails.
Although, I’d stick with the portable version. Back up its folder and everything is backed up – way better and easier :)
102.1.0 on most machines with at least one on 91.11.0 (all 64 bit).
“Various unspecified user interface improvements.”
I hope they don’t mean “Radical UI changes you’re going to hate, so we aren’t going to describe them in advance.”
Not likely. These are usually to small to mention specifically.
Thunderbird 91.11.0. I’ll wait untill 102 is proposed via an update.
I have 91.11.0 as well and although it’s the 64-bit version it’s installed in “C:\Program Files (x86)\Mozilla Thunderbird”. Why the installer placed it in the 32-bit program folder is a mystery.
There’s an “Upgrade” button on the 102.1 installer I noticed, but I backed out of the installation without testing to see what it would do.
Any guinea pigs around willing to go the whole hog? :D
Backup your profile?
Then keep waiting. But it won’t make the patch any better. You are getting the same version as us when they artificially flip the switch. This doesn’t free you from the mandatory backup of your profile. Scared of data loss?! Just make a backup! It’s the ultimate life hack.
Thunderbird Legacy 91.12.0 released.
On July 26, 2022 (UTC), Thunderbird 91.12.0, a minor update that “adds new features and fixes stability issues” to Thunderbird 91.x used by existing Thunderbird users, was released.
Thunderbird has the same rendering engine as Firefox ESR, and the backend is also comply with Firefox ESR.
Thunderbird 91.x will continue (scheduled through the end of August) to be supported until the compatible with 102.x of the next major upgrade, is resolved.
Upgrades are currently being intentionally blocked. At the appropriate time for the upgrade, an automatic update will be performed, so don’t perform a manual update, just wait it out!
Thunderbird — Release Notes (91.12.0) — Thunderbird
https://www.thunderbird.net/en-US/thunderbird/91.12.0/releasenotes/
All issues fixed in Thunderbird 91.12.0 can confirm at Mozilla.org bugs fixes:
https://bugzilla.mozilla.org/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&classification=Client%20Software&product=Thunderbird&resolution=FIXED&target_milestone=Thunderbird%2079.0&target_milestone=Thunderbird%2080.0&target_milestone=Thunderbird%2081.0&target_milestone=Thunderbird%2082.0&target_milestone=Thunderbird%2083.0&target_milestone=Thunderbird%2084.0&target_milestone=Thunderbird%2085.0&target_milestone=Thunderbird%2086.0&target_milestone=Thunderbird%2087.0&target_milestone=Thunderbird%2088.0&target_milestone=Thunderbird%2089.0&target_milestone=Thunderbird%2090.0&target_milestone=Thunderbird%2091.0
A lot of sensationalism and faux panic when you can literally copy your profile somewhere safe before manual upgrades, lol.