Thunderbird 102.6.0 is a security and bug fix update
Thunderbird 102.6.0 is out. The new version of the open source email client fixes security issues and bugs.
The new Thunderbird version is available already. While it is being distributed automatically to most devices with Thunderbird, some users may want to speed up the installation of the update.
All it takes for that is to select Menu > Help > About Thunderbird. The small window that opens displays the current version and whether the email client is up to date. The program checks for updates and any update found may be installed right away.
Thunderbird 102.6.0 addresses seven different security issues. The overall severity rating of the fixed security issues is high, second only to critical.
Here is the full list of the fixes:
- CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
The security advisory, published here, provides information about each of the security issues.
The release notes list seven non-security fixes. These address bugs in previous versions of the Thunderbird email client. One fix addresses an issue with the cookie deletion option of "show cookies". Cookies were not actually deleted when the action was selected by the user. Another fixes the pause RSS feed option in the RSS reader of the email client. RSS feed were not actually paused when the option was activated by the user.
There was also an issue with message indexes getting deleted when too many folders were opened, and an import issue that affected secret OpenPGP keys.
The two remaining fixes addresses a vCard formatting issue and a calendar issue that affected recurring events.
Thunderbird users may want to check the full release notes for additional details on the fixes.