Thunderbird 102.9.0 is a security update for the open source email client
The Thunderbird team has released a new stable version of the open source email client. Thunderbird 102.9.0 is a security and bug fix update.
The new version of the email client is available already. Existing Thunderbird installations should receive the update automatically, if the automatic updates functionality has not been disabled by the administrator.
Some users may prefer to update the application manually. This is done by selecting Help > About Thunderbird, or by selecting the Settings icon in the new sidebar on the left.
Thunderbird displays the installed version in a small overlay window in the interface. The email client performs an update check and will download and install updates that it finds during the check.
Thunderbird 102.9.0: the security fixes
Thunderbird 102.9.0 addresses 6 different security issues in the email program. The security issues have severity ratings of high and moderate, the aggregated rating is high.
Thunderbird's development team notes that many of the security issues "cannot be exploited through email in the Thunderbird product" because scripting is disabled when reading email. Thunderbird is based on Firefox code, and it inherits some of the vulnerabilities affecting Firefox because of that.
- CVE-2023-25751: Incorrect code generation during JIT compilation
- CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
- CVE-2023-28162: Invalid downcast in Worklets
- CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
- CVE-2023-28163: Windows Save As dialog resolved environment variables
- CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9
Information about each of the vulnerabilities is provided on the Security Advisories website.
The official release notes list four non-security fixes:
- Notification about a sender's changed OpenPGP key was not immediately visible
- TLS Certificate Override dialog did not appear when retrieving messages via IMAP using "Get Messages" context menu
- Spellcheck dictionaries were missing from localized Thunderbird builds that should have included them
- Tooltips for "Show/Hide" calendar toggle did not display
None of these appear to be serious issues.
The next major version of Thunderbird, which will include lots of changes, will be released later this year.
Now You: which version of Thunderbird do you run, if any?
I’m on 102 and it is an annoying piece of garbage!
My dictionary keeps flipping from local dictionary to US dictionary. It keeps losing drafts reporting in effect that is saving another draft and cannot save the current on until that is done. I only ever work one message at a time. I killed the account and configured it again. Same problem. ATM I switched to saving drafts in a local folder. That seems to be working for two days. Perhaps it is a gmail issue but Thunderbird is reporting the problem and its activity manager says it is doing nothing.
The real problem is finding a viable alternative. I gave up on Bluemail. The only mail client I never had a problem with is Microsoft Outlook.
Microsoft Outlook is going to be a major issue shortly. They are merging it into a single, bloated web application. Thunderbird might be the only email client left that’s useful.
Version 91 with updates disabled works great.
“The only mail client I never had a problem with is Microsoft Outlook.”
HAHHAAHHAHHAHHAAHA this place feels like a M$ shill Op.
Well, smarty pants, how well does M$ Outl00k run on Linux?
Thunderbird works great on Linux, maybe you should try that.
Just updated to 102.9.0 the other day.
I think Thunderbird is great, although I’m a bit skittish when major updates are pushed out. I don’t know why, since I always do a backup first.
I’ve been using Thunderbird (instead of Outlook) since switching to Linux Mint a few months ago and always update it manually to the latest version when it’s released (same with Firefox ESR) by downloaded/extracting the tar.bz2 file. Thunderbird works well for my needs. I do not miss using Outlook on my personal systems. But I still get to experience all its bloated and bug ridden glory at work with the 365 version.