Andy's News RoundupOriginal article

Thunderbird 102.1.0 fixes four security issues in the email client

Martin Brinkmann
Jul 30, 2022
Updated • Jul 30, 2022
Thunderbird
|
12

Thunderbird 102.1.0 is now available. The new stable version of the email client patches four security issues in the application and makes some minor changes next to that.

thunderbird 102
image credit: Thunderbird

Thunderbird 102.1.0 is already available. Existing Thunderbird installations will install the update automatically, provided that version 102.x is installed already. The Thunderbird 102.x release is a fresh one and updates from the previous main version, Thunderbird 92.x, are not yet supported.

Thunderbird users may speed up the installation by selecting Help > About Thunderbird from the menu. If the menu is not displayed, press the Alt-key on the keyboard to display it.

The window that opens displays the current version and a check for updates is run. Thunderbird 92.x users who want to upgrade to version 102 need to download the installer from the official project website instead to do so.

ADVERTISEMENT

Thunderbird 102.1.0: security update

thunderbird 102.1.0

The official security advisories page lists four security vulnerabilities that affect earlier versions of the Thunderbird email client. The highest severity rating is high, the second-highest after critical.

Thunderbird shares its code base with Firefox, and several of the vulnerabilities do not affect Thunderbird as much as they do Firefox.

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

Here is the list of vulnerabilities:

  • CVE-2022-2505: Memory safety bugs fixed in Thunderbird 102.1 (HIGH)
  • CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads
  • CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
  • CVE-2022-36319: Mouse Position spoofing with CSS transforms

None of the security vulnerabilities are exploited actively.

Thunderbird 102.1.0 makes the following non-security changes:

  • POP message downloads were not displayed by the Activity Manager.
  • Mail Folder Properties dialog display issue that cut off content.
  • News messages that expired did not show an error message.
  • The column picker of the Calendar closed prematurely "after selecting/deselecting a single column".
  • Various unspecified user interface improvements.

Thunderbird users may want to upgrade the email client as early as possible to address the security issues.

Now You: do you run Thunderbird? If so, which version?

Summary
Thunderbird 102.1.0 fixes four security issues in the email client
Article Name
Thunderbird 102.1.0 fixes four security issues in the email client
Description
Thunderbird 102.1.0 is now available. The new stable version of the email client patches four security issues.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. ilev said on July 30, 2022 at 8:25 am
    Reply

    Thunderbird Legacy 91.12.0 released.

    1. owl said on July 31, 2022 at 12:56 am
      Reply

      On July 26, 2022 (UTC), Thunderbird 91.12.0, a minor update that “adds new features and fixes stability issues” to Thunderbird 91.x used by existing Thunderbird users, was released.

      Thunderbird has the same rendering engine as Firefox ESR, and the backend is also comply with Firefox ESR.
      Thunderbird 91.x will continue (scheduled through the end of August) to be supported until the compatible with 102.x of the next major upgrade, is resolved.
      Upgrades are currently being intentionally blocked. At the appropriate time for the upgrade, an automatic update will be performed, so don’t perform a manual update, just wait it out!

      Thunderbird — Release Notes (91.12.0) — Thunderbird
      https://www.thunderbird.net/en-US/thunderbird/91.12.0/releasenotes/

      All issues fixed in Thunderbird 91.12.0 can confirm at Mozilla.org bugs fixes:
      https://bugzilla.mozilla.org/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&classification=Client%20Software&product=Thunderbird&resolution=FIXED&target_milestone=Thunderbird%2079.0&target_milestone=Thunderbird%2080.0&target_milestone=Thunderbird%2081.0&target_milestone=Thunderbird%2082.0&target_milestone=Thunderbird%2083.0&target_milestone=Thunderbird%2084.0&target_milestone=Thunderbird%2085.0&target_milestone=Thunderbird%2086.0&target_milestone=Thunderbird%2087.0&target_milestone=Thunderbird%2088.0&target_milestone=Thunderbird%2089.0&target_milestone=Thunderbird%2090.0&target_milestone=Thunderbird%2091.0

      1. Hitomi said on July 31, 2022 at 10:30 am
        Reply

        A lot of sensationalism and faux panic when you can literally copy your profile somewhere safe before manual upgrades, lol.

  2. Belga said on July 30, 2022 at 8:31 am
    Reply

    Thunderbird 91.11.0. I’ll wait untill 102 is proposed via an update.

    1. Frankel said on July 30, 2022 at 10:48 am
      Reply

      Then keep waiting. But it won’t make the patch any better. You are getting the same version as us when they artificially flip the switch. This doesn’t free you from the mandatory backup of your profile. Scared of data loss?! Just make a backup! It’s the ultimate life hack.

    2. TelV said on July 30, 2022 at 11:22 am
      Reply

      I have 91.11.0 as well and although it’s the 64-bit version it’s installed in “C:\Program Files (x86)\Mozilla Thunderbird”. Why the installer placed it in the 32-bit program folder is a mystery.

      There’s an “Upgrade” button on the 102.1 installer I noticed, but I backed out of the installation without testing to see what it would do.

      Any guinea pigs around willing to go the whole hog? :D

      1. Frankel said on July 30, 2022 at 4:18 pm
        Reply

        Backup your profile?

  3. anonymous said on July 30, 2022 at 4:24 pm
    Reply

    “Various unspecified user interface improvements.”

    I hope they don’t mean “Radical UI changes you’re going to hate, so we aren’t going to describe them in advance.”

    1. Martin Brinkmann said on July 31, 2022 at 7:59 am
      Reply

      Not likely. These are usually to small to mention specifically.

  4. Dan said on July 30, 2022 at 11:47 pm
    Reply

    102.1.0 on most machines with at least one on 91.11.0 (all 64 bit).

  5. ivan rotkovitz said on July 31, 2022 at 12:11 am
    Reply

    I tried 102.1 to see if it would fix the problems with 102.x.x. namely the slowness of the response moving between emails and the very, very frequent “not responding” messages visible at the top left of the screen. Annoying doesn’t say it all. I’ve never run into this with thunderbird in all the years I have been using it

    1. DrKnow said on August 1, 2022 at 12:14 am
      Reply

      @ ivan rotkovitz
      Sounds like a possibly corrupt mail DB. There were some issues in the latest versions.

      Back up your Thunderbird profile.
      Export all emails.

      And import into https://portableapps.com/apps/internet/thunderbird_portable
      This is portable so it won’t affect your current install of Thunderbird.

      If everything goes back to normal uninstall then reinstall Thunderbird and import the emails.

      Although, I’d stick with the portable version. Back up its folder and everything is backed up – way better and easier :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.