Thunderbird 102.13 fixes 5 security issues
Thunderbird's development team has released Thunderbird 102.13 to the email client's stable channel. The update for the open source application fixes five security issues in the email client.
The release announcement was published on July 5, but not all users of the email client could obtain the update via the built-in updating functionality; this has changed today and most Thunderbird installations should receive the update now.
Thunderbird users may select Help > About Thunderbird to display the current version that is installed. The email client runs an update check when the about page is opened to download and install the latest version.
Thunderbird 102.13: the security issues
The Thunderbird team lists five unique security issues on the Security Advisory page. The impact of the security issues is listed as high, second only to critical. The fixes address several use after free issues. Some issues are related to Firefox, but since Firefox and Thunderbird share code, have found their way into the email client's update as well.
Here is the full list of fixed security issues:
- CVE-2023-37201: Use-after-free in WebRTC certificate generation
- CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey
- CVE-2023-37207: Fullscreen notification obscured
- CVE-2023-37208: Lack of warning when opening Diagcab files
- CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13
None of the issues are exploited actively and at least some are no threats for most Thunderbird users.
Thunderbird 102.13's release notes mention two non-security changes in the update.
- Release notes opened from about: dialog will now open in the default web
- Upstream RNP version numbers now recognized as official in about:support
Thunderbird users, who open the Help > About Thunderbird page and activate the release notes link, will notice that the web resource is now opened in the default system browser.
Closing Words
The next major version of Thunderbird, Thunderbird 115, will be released on Monday. It comes with a modernized interface and several changes, and has been in the making for quite some time.
You can check out our preview of the new Thunderbird here.
Thunderbird 102.14.0 released
https://www.thunderbird.net/en-US/thunderbird/102.14.0/releasenotes/
Version 102.14.0, first offered to channel users on August 2, 2023
Fixed: Security fixes
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird102.14
Continue to rely on automatic updates for existing Thunderbird 102 .13.0 users (If you use “About Thunderbird” in the help menu, be aware that there is a risk of executing “Apply manual updates”).
note,
Thunderbird 102.15.0, scheduled for release on August 30, 2023, is the final release of Thunderbird 102.
Owl, thanks for the info about TB 115.
Do you know if 115 will cause problems for TB extensions?
I also hope people will start posting when 115 is safe to upgrade to. I’m always hesitant to make the big jumps, like from TB 102 to 115.
> Do you know if 115 will cause problems for TB extensions?
I also hope people will start posting when 115 is safe to upgrade to. I’m always hesitant to make the big jumps, like from TB 102 to 115.
During the previous major upgrade “91>102” and “78>91” before that for existing users of Thunderbird, the “automatic update” function to the new version was intentionally blocked until compatibility confirmation and bug fixes were completed (optional manual update is was possible).
the “automatic update” function:
? > Preferences > General > Thunderbird Updates
? Automatically install updates (recommended: improved security)
? Use a background service to install updates
just check it
After that (without pressing any button), “automatic update” will be executed without permission at an appropriate time.
Managing Thunderbird Updates | support.mozilla.org
https://support.mozilla.org/en-US/kb/managing-thunderbird-updates
In particular, this milestone version (because of the “large-scale update” that realized long-standing issues and “requests” sent to Mozilla Connect, etc.),
Mozilla Connect: Thunderbird Tags
https://connect.mozilla.org/t5/ideas/idb-p/ideas/label-name/thunderbird/tab/most-kudoed
the development side has organized the line-up, they’ve created a roadmap, and they’re doing things carefully and steadily over time.
Thunderbird Planning | Topicbox
https://thunderbird.topicbox.com/groups/planning
Add-on Developers | Topicbox
https://thunderbird.topicbox.com/groups/addons
Backlog
Planned work for Thunderbird that is not currently on the roadmap.
https://developer.thunderbird.net/planning/backlog
From the above, the “automatic update function is suspended (blocking)” as before. A summary would be likely posted on the official blog soon.
https://blog.thunderbird.net/
Mozilla has stated that it will actively support “addons Thunderbird”, so unless it is a minor extension (with a very small user base), many of the addons Thunderbird that work fine in 102 will be likely compatible continue.
115 support can be found on ATN (addons.thunderbird.net),
Add-ons for Thunderbird
https://addons.thunderbird.net/en-US/thunderbird/
that information will be updated as appropriate.
Update for Thunderbird Supernova
Required steps to update add-ons for Thunderbird Supernova 115.
https://developer.thunderbird.net/add-ons/updating/tb115
> Closing Words
The next major version of Thunderbird, Thunderbird 115, will be released on Monday. It comes with a modernized interface and several changes, and has been in the making for quite some time.
Thunderbird — Release Notes (115.0) — Thunderbird
https://www.thunderbird.net/en-US/thunderbird/115.0/releasenotes/
Looking at the release notes above,
New features: 27
Changes: 17 items
Corrections: 78 items
It will be a special update.
Since it is a large-scale update, if you are an existing user, it would be safer to stop “manual overwrite installation”.
You should leave it to the “automatic update function”.
Among them, attention is:
new
Supernova UI with updated 3-Pane window with updated folder, message list, and message display panes; updated Quick Filter, Calendar and Address Book with new Vertical View, Unified Toolbar.
Pay attention to the revamped UI in “Supernova”.
New features by Supernova are introduced on the official page below,
https://www.thunderbird.net/en-US/thunderbird/115.0/whatsnew/
There is also an FAQ article below,
New in Thunderbird 115 Supernova | Thunderbird Help
https://support.mozilla.org/en-US/kb/new-thunderbird-115-supernova
As one of them, “card view” has been introduced as a display format of the message list in the case of Layout>Vertical display.
This is in response to a request that you want to display the message list in the thread pane in one line, but if you display it vertically, it will be a two-line display in card view without asking questions, making it difficult to use.
The default vertical display is set to “table view” as before, and it has been settled that it can be switched separately with “message list display options”.
Since “115” is a milestone version,
it is expected that problems will occur at the beginning of the release.
From such circumstances, for existing 102 users, it is customary to “stop (block) automatic updates to 115 for a while”.
Existing 102 users should not rush to move to “115”,
Please leave it to the “automatic update function”.
Simply put,
At this time, milestone version ‘115’ is being released for new installation (new users).