Thunderbird 102.13 fixes 5 security issues
Thunderbird's development team has released Thunderbird 102.13 to the email client's stable channel. The update for the open source application fixes five security issues in the email client.
The release announcement was published on July 5, but not all users of the email client could obtain the update via the built-in updating functionality; this has changed today and most Thunderbird installations should receive the update now.
Thunderbird users may select Help > About Thunderbird to display the current version that is installed. The email client runs an update check when the about page is opened to download and install the latest version.
Thunderbird 102.13: the security issues
The Thunderbird team lists five unique security issues on the Security Advisory page. The impact of the security issues is listed as high, second only to critical. The fixes address several use after free issues. Some issues are related to Firefox, but since Firefox and Thunderbird share code, have found their way into the email client's update as well.
Here is the full list of fixed security issues:
- CVE-2023-37201: Use-after-free in WebRTC certificate generation
- CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey
- CVE-2023-37207: Fullscreen notification obscured
- CVE-2023-37208: Lack of warning when opening Diagcab files
- CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13
None of the issues are exploited actively and at least some are no threats for most Thunderbird users.
Thunderbird 102.13's release notes mention two non-security changes in the update.
- Release notes opened from about: dialog will now open in the default web
- Upstream RNP version numbers now recognized as official in about:support
Thunderbird users, who open the Help > About Thunderbird page and activate the release notes link, will notice that the web resource is now opened in the default system browser.
The next major version of Thunderbird, Thunderbird 115, will be released on Monday. It comes with a modernized interface and several changes, and has been in the making for quite some time.
You can check out our preview of the new Thunderbird here.Advertisement