Thunderbird 102.1.0 fixes four security issues in the email client
Thunderbird 102.1.0 is now available. The new stable version of the email client patches four security issues in the application and makes some minor changes next to that.
Thunderbird 102.1.0 is already available. Existing Thunderbird installations will install the update automatically, provided that version 102.x is installed already. The Thunderbird 102.x release is a fresh one and updates from the previous main version, Thunderbird 92.x, are not yet supported.
Thunderbird users may speed up the installation by selecting Help > About Thunderbird from the menu. If the menu is not displayed, press the Alt-key on the keyboard to display it.
The window that opens displays the current version and a check for updates is run. Thunderbird 92.x users who want to upgrade to version 102 need to download the installer from the official project website instead to do so.
Thunderbird 102.1.0: security update
The official security advisories page lists four security vulnerabilities that affect earlier versions of the Thunderbird email client. The highest severity rating is high, the second-highest after critical.
Thunderbird shares its code base with Firefox, and several of the vulnerabilities do not affect Thunderbird as much as they do Firefox.
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
Here is the list of vulnerabilities:
- CVE-2022-2505: Memory safety bugs fixed in Thunderbird 102.1 (HIGH)
- CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads
- CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
- CVE-2022-36319: Mouse Position spoofing with CSS transforms
None of the security vulnerabilities are exploited actively.
Thunderbird 102.1.0 makes the following non-security changes:
- POP message downloads were not displayed by the Activity Manager.
- Mail Folder Properties dialog display issue that cut off content.
- News messages that expired did not show an error message.
- The column picker of the Calendar closed prematurely "after selecting/deselecting a single column".
- Various unspecified user interface improvements.
Thunderbird users may want to upgrade the email client as early as possible to address the security issues.
Now You: do you run Thunderbird? If so, which version?Advertisement