Thunderbird 102.6.0: Mozilla fixes issues and closes security holes

Mozilla fixes numerous problems in its free email client Thunderbird and, with the update to the latest version 102.6.0, also closes a total of seven security vulnerabilities, four of which have a risk rating of “High”. There are corrections for OpenPGP and the synchronization of vCards.

Product maintenance for Thunderbird

With the latest version, the Mozilla Foundation fixes seven known issues affecting OpenPGP, a data format for encrypted and digitally signed data, the digital business cards (“vCards”), the RSS feed, and the user interface and experience (“UI/UX”). ) affect.

The official release notes of Thunderbird 102.6.0 for Windows 7, Windows 10 and Windows 11 as well as macOS and Linux read as follows:

• Import of OpenPGP secret keys failed if a public key with a public subkey already existed.
• Message index files were erroneously deleted when too many folders were open.
• Thunderbird sometimes incorrectly formatted synced vCards.
• Recurring events stopped appearing after a certain number of repetitions.
• Cookies that were deleted in the “Show cookies” dialog were not actually deleted.
• Paused RSS feeds did not actually have their updates paused.
• Various visual and UX improvements.

Security updates for Thunderbird

In addition, the developers were able to close a total of seven security gaps, which can be found in detail in the current Mozilla Foundation Security Advisory 2022-53 and no longer appear in version 102.6.0.

Among other things, the following vulnerabilities in the e-mail client were closed:

• CVE-2022-46880: Use after free in WebGL [Hoch]
• CVE-2022-46881: Memory corruption in WebGL [Hoch]
• CVE-2022-46882: Use after free in WebGL [Hoch]
• CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6 [Hoch]
• CVE-2022-46872: Arbitrary file read from a compromised content process [Mittel]
• CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions [Mittel]
• CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS [Mittel]

A corresponding update is already being rolled out via Thunderbird’s integrated update function.

Download on ComputerBase

As usual, Thunderbird 102.6.0 can be downloaded from the ComputerBase download area directly below this message. As an alternative, Betterbird, a fork of the e-mail client, is available for download. Corresponding beta versions are also available for particularly experienced users.