Thunderbird 137.0 and 128.9.0 ESR with up to 7 security fixes and many changes

Thunderbird 137.0 and 128.9.0 ESR with up to 7 security fixes and many changes

Mozilla has updated Thunderbird, just like Firefox, to version 137.0 (monthly release) and 128.9.0 ESR. In addition to the security fixes, Thunderbird 128.9.0 ESR includes a new feature: a real-time notification system for desktop alerts.

First, let me point out that Mozilla will soon be offering some new features as Thunderbird Pro for a fee. This does not affect Thunderbird and its features. The Pro features include Thundermail as an email service, Thunderbird Send for sharing data, and Thunderbird Assist for using AI. You can read the whys and wherefores here.

A total of seven security vulnerabilities were fixed. Three of them were rated "high." Since the release notes for the 128.9.0 ESR are shorter, we'll start with those.

• Fixed data corruption when compressing the IMAP Drafts folder after saving a message
• Right-clicking on an attachment file and selecting “Decrypt and save as…” failed.
• Thunderbird could crash when importing emails
• Sorting indicators were missing in the list of calendar events.
• Security fixes

Thunderbird 137.0 Fixes and Changes

• File names are now used when saving email folders (Windows only).
• The Linux system tray icon has been disabled until it is functional.
• In-app notifications were not displayed correctly in high contrast mode.
• The repair folder did not fix mbox files created on MacOS prior to Thunderbird 1.0.
• Entries in the edit menu were missing when the group header was selected in the Grouped by Sort view.
• The IMAP folder "Do not delete" performed "Delete" when mixed messages were selected.
• In RSS feeds, the spacebar did not scroll the message as it did in emails.
• Slow performance when opening an .eml file in a profile with many folders.
• The topic search view did not update correctly when sorted by date received.
• The line spacing in the message list changed unexpectedly with the default font size.
• The saved message list selection was discarded when the user made a new selection.
• Replying from local or unified folders failed when the message window was hidden.
• The message window strings were used in the wrong places.
• Importing an OpenPGP public key containing spaces failed.
• An attached signed OpenPGP .eml message could not be opened.
• Right-clicking on an attached file and selecting “Decrypt and save as…” failed.
• Searching during exit could cause a crash.
• A failed message send could cause the compose window to close unexpectedly.
• A corrupted address book database prevented emails from being sent.
• Forwarding messages as attachments could use the wrong MIME type.
• Two-factor authentication via text or email did not work with Office 365 using OAuth2.
• The account settings menu could load twice.
• There was no gap between the back and forward buttons in the feed account wizard.
• Thunderbird could crash when importing emails
• The address book could not be automatically detected on the Radicale server.
• Mark-Of-The- Web was not applied to attachments saved via drag and drop.
• Some messages could not be scrolled due to hidden overflows in inline styles.
• Clicking a 'mid:' link could clear the thread window and cause errors.
• Performance when moving/copying messages on Windows decreased.
• Automatic compression did not attempt to compress all folders when an error occurred.
• Slow performance when moving bulk messages from IMAP to local.
• Crossposting of news articles was not possible if newsgroups were located on different servers.
• The IRC channel was not visible after a restart.
• It was not possible to view the full certificate chain using the View Signature button.
• Visual and UX improvements
• Security fixes

Information and download:

• mozilla.org/security
• thunderbird.net/thunderbird/137.0/releasenotes
• mozilla.net//thunderbird/releases/137.0
• thunderbird.net/thunderbird/128.9.0esr/releasenotes
• mozilla.net/thunderbird/releases/128.9.0esr