Mozilla has released the yearly major update for its Thunderbird email client. The latest version Thunderbird 102 arrives with numerous feature upgrades, UI improvements, and security bug fixes.
Thunderbird 102 New Features
According to the details shared via a blog post, Mozilla’s Thunderbird 102 release has brought many “highly-requested features” with it.
Here’s a quick list of feature upgrades with the latest release.
- Revamped Address Book: new UI/UX design with more information fields, vCard compatibility for swift contact exports, and quick messaging and event creation options.
- Central Spaces Toolbar: Customizable Spaces Toolbar as a central access point to key app features like Mail, Address Book, Calendar, Chat, Tasks, and add-ons. The dedicated “Space Toolbar Settings” options also allow color customization.
- Import/Export Wizard: The latest Thunderbird 102 addresses the limitation of using add-ons for importing or exporting data by introducing a dedicated feature (with dark-mode support).
- Redesigned Message Header: The new header design lets the users customize header appearance and choose the details they want to see.
- Matrix Chat Support: The new Thunderbird 102 comes integrated with the decentralized chat protocol Matrix.
Security Bug Fixes
Alongside feature updates, the new Thunderbird also comes with multiple security patches. According to Mozilla’s advisory, the firm patched at least 10 different vulnerabilities with the latest release. These include 4 high-severity bugs and 6 moderate-severity flaws.
A noteworthy bug among these includes CVE-2022-34479, which allowed creating malicious pop-up windows. Nonetheless, it only affected the Thunderbird client for Linux systems. As described,
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks.
Other high-severity vulnerabilities affecting all Thunderbird clients include,
- CVE-2022-34470: use after free flaw in nsSHistory
- CVE-2022-34468: an iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link
- CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102
Since the latest release is out, users must rush to update their systems with the Thunderbird 102 clients.