Thunderbird Changelog

What's new in Thunderbird 60.4.0

December 21st, 2018
  • New:
  • WebExtensions FileLink API to facilitate FileLink add-ons for WeTransfer and Dropbox (forthcoming)
  • Fixed:
  • Decoding problems for messages with less common charsets (cp932, cp936)
  • New messages in the drafts folder (and other special or virtual folders) will no longer be included in the new messages notification

New in Thunderbird 60.3.3 (December 6th, 2018)

  • Fixed:
  • Under some circumstances Thunderbird on Mac will send attachments using the so-called AppleDouble format which can lead to problems with mail servers and recipients
  • Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding.
  • If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead.
  • Body search/filtering didn't reliably ignore content of tags
  • Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons
  • Incorrect display of correspondents column since own email address was not always detected
  • Spurious (encoded newline) inserted into drafts and sent email
  • New email not inserted in correct sort order in threaded unified view or search folder

New in Thunderbird 60.3.2 (December 2nd, 2018)

  • Fixed:
  • Under some circumstances Thunderbird on Mac will send attachments using the so-called AppleDouble format which can lead to problems with mail servers and recipients
  • Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding.
  • If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead.
  • Body search/filtering didn't reliably ignore content of tags
  • Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons
  • Incorrect display of correspondents column since own email address was not always detected
  • Spurious (encoded newline) inserted into drafts and sent email
  • New email not inserted in correct sort order in threaded unified view or search folder

New in Thunderbird 60.3.1 (November 20th, 2018)

  • Fixed:
  • Double-clicking on a word in the Write window sometimes launched the Advanced Property Editor or Link Properties dialog
  • Cookie removal (not working since Thunderbird version 52)
  • "Download rest of message" not working if global inbox was used
  • Encoding problems for users (especially in Poland) when a file was sent via a folder using "Sent to > Mail recipient" due to a problem in the Thunderbird MAPI interface
  • According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters are encoded using UTF-8 which can lead to problems with non-compliant providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS authentication methods are now using a Latin-1 encoding again to work around this issue.
  • Shutdown crash/hang after entering an empty IMAP password

New in Thunderbird 60.3.0 (November 1st, 2018)

  • Fixed:
  • Various Theme fixes where incorrect colors, backgrounds, etc. were displayed
  • Add-on Options menu not working on Mac
  • Shift+PageUp/PageDown in Write window
  • Saving content of Write windows didn't overwrite existing file
  • Issues related to "Edit Template" command
  • Gloda attachment filtering
  • Mailing list address auto-complete enter/return handling
  • Thunderbird hung if HTML signature references non-existent image
  • Filters not working for headers that appear more than once

New in Thunderbird 60.2.1 (October 3rd, 2018)

  • Changed:
  • Calendar: Default values for the first day of the week and working days are now derived from the selected datetime formatting locale (restart after changing locale in the OS required)
  • Calendar: Switch to a Photon-style icon set for all platforms
  • Fixed:
  • Multiple requests for master password when Google Mail or Calendar OAuth2 is enabled
  • Scrollbar of the address entry auto-complete popup does not work
  • Security info dialog in compose window does not show certificate status
  • Links in the Add-on Manager's search results and theme browsing tabs open in external browser
  • Localized versions of Thunderbird didn't show a localized name for the "Drafts" and "Sent" folders for certain IMAP providers (particularly in France)
  • Replying to a message with an empty subject inserted Re: twice (not working in Thunderbird 60.0)
  • Spellcheck marks disappeared erroneously for words with an apostrophe (not working in Thunderbird 60.0)
  • Calendar: First day of the week cannot be set
  • Calendar: Several fixes related to cutting/deleting of events and email scheduling

New in Thunderbird 60.0 (August 6th, 2018)

  • NEW: When writing a message, a delete button now allows the removal of a recipient. This delete button is displayed when hovering the To/Cc/Bcc selector.
  • NEW: Many improvements to attachments handling during compose: Attachments can now be reordered using a dialog, keyboard shortcuts, or drag and drop. The "Attach" button moved to the right to be above the attachment pane. The access key of the attachment pane (e.g. Alt+M, may vary depending on localization, Ctrl+M on Mac) now also works to show or hide the pane. The attachment pane can also be shown initially when composing aNEW message. Right-click on the header to enable this option. Hiding a non-empty attachment pane will now show a placeholder paperclip to indicate the presence of attachments and avoid sending them accidentally.
  • NEW: "Edit Template" command. This also solves various problems when saving as template (duplicates created, message ID lost).
  • NEW: "New Message from Template" command
  • NEW: Allow changing the Spellcheck Language from status bar
  • NEW: Light and Dark themes
  • NEW: WebExtension themes are now enabled in Thunderbird
  • NEW: A default startup directory in the address book window can now be configured
  • NEW: Individual feed update interval
  • NEW: An option under "Tools > Options, Advanced, General" now allows to select whether date/time display will follow the application locale (adjusted by operating system's format settings for that locale) or the locale selected in the operating system's regional settings. In other words, an US English Thunderbird can use, for example, German formats.
  • NEW: OAuth2 authentication for Yahoo and AOL
  • NEW: FIDO U2F support
  • NEW: Thunderbird now allows the conversion of folders from mbox to maildir format and vice versa. This is an experimental feature that needs to be enabled by setting the preference mail.store_conversion_enabled. Note that this functionality does not not work if the option "Allow Windows Search/Spotlight to search messages" is selected.
  • NEW: Calendar: Allow copying, cutting or deleting of a selected occurrence or the entire series for recurring events
  • NEW: Calendar: Provide an option to display locations for events in calendar day and week views
  • NEW: Calendar: Provide the ability for sending/not sending meeting notifications directly instead of showing a popup
  • NEW: Calendar: Option to select the target calendar when pasting an event or task
  • NEW: Calendar: Allow email scheduling for CalDAV servers supporting server-side scheduling
  • NEW: Thunderbird Chat now contains multiple built-in message themes
  • CHANGED: IMPORTANT: Add-ons not marked as compatible with Thunderbird 60 by their authors will be disabled (this can be reverted via preference extensions.strictCompatibility)
  • CHANGED: IMAP: When after sending a message storing that sent message fails, the message can now be stored in a local folder
  • CHANGED: Add-on options can no longer be configured from the Add-on Manager page. ANEW menu item "Add-on Options" is now available on the Tools menu.
  • CHANGED: When messages are composed in paragraph format, "body text" and split mail quotes are converted to paragraphs when pressing the enter key
  • CHANGED: "Edit AsNEW Message" will now use the account's default compose format, either HTML or plain text ignoring the format of the message. Plain text messages will be converted to HTML and vice versa. Then using the modifier, the format choice will be reverted.
  • CHANGED: The "Edit Draft" command now also honors the use of the shift key to convert HTML to plain text or vice versa when editing a draft
  • CHANGED: The plain text to HTML conversion has been improved where such a conversion is necessary for "Edit AsNEW Message" or when the shift modifier is used for "Edit Draft" or "New Message from Template".
  • CHANGED: During address entry, the matching part of the address is now shown in bold. Preference mail.autoComplete.commentColumn allows to display the address book where the address is stored.
  • CHANGED: When attaching a message via drag and drop, the subject of the message is now used as attachment name instead of "Attached Message"
  • CHANGED: Better address book photo handling: Photos can be added by drag and drop and a copy of all photos will be stored in the Thunderbird profile
  • CHANGED: On first start, Thunderbird now shows the account setup dialog, no longer the account provisioner dialog
  • CHANGED: Thunderbird follows Firefox' Photon design with rectangular tabs and many other theme improvements
  • CHANGED: When customizing the From: address, Thunderbird will now use this address for the SMTP "MAIL FROM" command. Previously the address configured in the identity was used. The preference mail.smtp.useSenderForSmtpMailFrom allows return to the previous behavior.
  • CHANGED: Native notifications on Linux are now re-enabled
  • CHANGED: Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy now supported)
  • CHANGED: Thunderbird now uses the latest Rust-based Mozilla technology, including Quantum's CSS engine (based on Servo) and encoding_rs, for displaying and encoding messages
  • CHANGED: Calendar: Removal of capability to send email invitations compatible to Outlook 2002 and earlier
  • CHANGED: Calendar: Reminders on read-only calendars can now be dismissed, while reminders for missed events will now only be displayed for writable calendars if option "Show missed reminders for writable calendars" is selected
  • CHANGED: Thunderbird Chat: Nicknames inside of messages are colored to match the participants list
  • FIXED: When many Thunderbird clients or other email clients accessed the same IMAP draft folder, messages were sometimes sent with the wrong identity. This has been corrected and the user will be notified if none of their identities matches the draft.
  • FIXED: Various problems related to handling the IMAP trash folder: Under certain circumstances the selection of the trash folder didn't persist, for example when the name contained non-ASCII characters, or in localized versions of Thunderbird. At times unwanted additional trash folders were created. Selection of a trash folder didn't give immediate visual feedback.
  • FIXED: Shared IMAP folders not shown in subscribe dialog under some circumstances
  • FIXED: Messages moved between IMAP accounts were missing parts (embedded content or attachments) under some circumstances
  • FIXED: Improvements encoding/decoding message headers
  • FIXED: Text in the address book card view wasn't selectable
  • FIXED: Passwords can now contain non-ASCII characters, like international characters, for example áäß, and symbols, for example €§
  • FIXED: Outlook import. Note: Mail, address book and settings need to be imported individually as "Import Everything" currently does not work.
  • FIXED: Localised versions of Thunderbird didn't show a localised name for Hotmail's "Deleted" folder
  • FIXED: Contacts sidebar: Selection and context menu behavior
  • FIXED: Better error handling for Gmail authentication to avoid re-downloading of folders
  • FIXED: Thunderbird used a stale cached password after user edited a saved password
  • FIXED: Calendar: Wrong time formatting for some time zones
  • FIXED: Calendar: Can't copy information from event dialog for received invitations

New in Thunderbird 60.0 RC 1 (July 16th, 2018)

  • NEW: When writing a message, a delete button now allows the removal of a recipient. This delete button is displayed when hovering the To/Cc/Bcc selector.
  • NEW: Further improvements to attachments handling during compose: "Attach" button moved to the right to be above the attachment pane. Alt+M now allows to show the attachment pane. The attachment pane can also be shown initially when composing a new message. Right-click on the header to enable this option. It is now also impossible to completely collapse a non-empty attachment pane. That protects against attachments accidentally being sent.
  • NEW: Thunderbird now allows the conversion of folders from mbox to maildir format and vice versa. This is an experimental feature that needs to be enabled by setting the preference mail.store_conversion_enabled. Note that this functionality does not not work if the option "Allow Windows Search/Spotlight to search messages" is selected.
  • NEW: Light and Dark themes
  • NEW: WebExtension themes are now enabled in Thunderbird
  • NEW: FIDO U2F support
  • NEW: Calendar: Allow copying, cutting or deleting of a selected occurrence or the entire series for recurring events
  • NEW: Calendar: Provide an option to display locations for events in calendar day and week views
  • NEW: Calendar: Provide the ability for sending/not sending meeting notifications directly instead of showing a popup
  • CHANGED: IMPORTANT: Add-ons not marked as compatible with Thunderbird 60 by their authors will be disabled (this can be reverted via preference extensions.strictCompatibility)
  • CHANGED: Thunderbird will now prompt to compact IMAP folders even if the account is online. Note: Under certain circumstances an incorrect estimate of the expected gain is shown.
  • CHANGED: Better address book photo handling: Photos can be added by drag and drop and a copy of all photos will be stored in the Thunderbird profile
  • CHANGED: Native notifications on Linux are now re-enabled
  • CHANGED: During address entry, the matching part of the address is now shown in bold. Preference mail.autoComplete.commentColumn allows to display the address book where the address is stored.
  • CHANGED: Calendar: Removal of capability to send email invitations compatible to Outlook 2002 and earlier
  • FIXED: Various problems when forwarding messages inline: Some introduced in Thunderbird 60 beta 7, some dating back to 2005 when using "simple" HTML view.
  • FIXED: The IMAP and News subscribe dialog did not present a folder tree (not working since Thunderbird version 59)
  • FIXED: Messages moved between IMAP accounts were missing parts (embedded content or attachments) under some circumstances
  • FIXED: Better error handling for Gmail authentication to avoid re-downloading of folders
  • FIXED: Text in the address book card view wasn't selectable
  • FIXED: UTF-7 support (not working since Thunderbird version 56)
  • FIXED: Complete fix of the EFAIL vulnerability: 1) Removing some HTML crafted to carry out an attack. 2) Not decrypting subordinate message parts that otherwise might reveal decrypted content to the attacker. Preference mailnews.p7m_subparts_external controls this.
  • FIXED: Thunderbird used a stale cached password after user edited a saved password
  • FIXED: The new menu item "Add-on Options" introduced in Thunderbird 59 beta is now also working on Mac
  • FIXED: Source view not working for JS, XML, CSS, etc. source files via 'Developer Tools > Error Console'. Other options: 1) Set preference view_source.editor.external and view_source.editor.path to view the source in the editor of your choice. 2) Use 'Developer Tools > Developer Toolbox, Console'. (not working in earlier versions of Thunderbird 60 beta)
  • FIXED: Deleting or detaching attachments corrupted messages under certain circumstances (not working in earlier versions of Thunderbird 60 beta)
  • FIXED: Calendar: Google account credentials not retained by Lightning
  • KNOWN ISSUES:
  • UNRESOLVED:Provider for Google Calendar not available
  • UNRESOLVED:CalDav access to some servers not working. Workaround: Set preference network.cookie.same-site.enabled to false.

New in Thunderbird 52.9.1 (July 10th, 2018)

  • Changed:
  • Thunderbird will now prompt to compact IMAP folders even if the account is online
  • Fixed:
  • Complete fix of the EFAIL vulnerability: 1) Removing some HTML crafted to carry out an attack. 2) Optionally: Not decrypting subordinate message parts that otherwise might reveal decrypted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security.
  • Various problems when forwarding messages inline when using "simple" HTML view
  • Deleting or detaching attachments corrupted messages under certain circumstances (not working only in Thunderbird version 52.9.0)

New in Thunderbird 52.9.0 (July 4th, 2018)

  • Changed:
  • Thunderbird will now prompt to compact IMAP folders even if the account is online
  • Fixed:
  • Complete fix of the EFAIL vulnerability: 1) Removing some HTML crafted to carry out an attack. 2) Optionally: Not decrypting subordinate message parts that otherwise might reveal decryted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security.
  • Various problems when forwarding messages inline when using "simple" HTML view
  • Various security fixes:
  • CVE-2018-12359: Buffer overflow using computed size of canvas element
  • CVE-2018-12360: Use-after-free when using focus()
  • CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails
  • CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward
  • CVE-2018-12362: Integer overflow in SSSE3 scaler
  • CVE-2018-12363: Use-after-free when appending DOM nodes
  • CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
  • CVE-2018-12365: Compromised IPC child process can list local filenames
  • CVE-2018-12366: Invalid data handling during QCMS transformations
  • CVE-2018-12368: No warning when opening executable SettingContent-ms files
  • CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field
  • CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9

New in Thunderbird 52.8.0 (May 19th, 2018)

  • Various security fixes:
  • #CVE-2018-5183: Backport critical security fixes in Skia
  • #CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack
  • #CVE-2018-5154: Use-after-free with SVG animations and clip paths
  • #CVE-2018-5155: Use-after-free with SVG animations and text paths
  • #CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
  • #CVE-2018-5161: Hang via malformed headers
  • #CVE-2018-5162: Encrypted mail leaks plaintext through src attribute
  • #CVE-2018-5170: Filename spoofing for external attachments
  • #CVE-2018-5168: Lightweight themes can be installed without user interaction
  • #CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
  • #CVE-2018-5185: Leaking plaintext through HTML forms
  • #CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8

New in Thunderbird 60.0b2 Beta (April 5th, 2018)

  • Bug 1447263 - Snap: Split build and upload task
  • bug 1443336 - set snap to treeherder tier 2.
  • Bug 1447263 - Snap: Split build and upload task
  • Bug 1425197 - Add additional checks of the target URL in the inspectedWindow devtools actor.
  • Bug 1446445 - app.normandy.first_run should default to true
  • Bug 1346535 - atk: Introduce U+FEFF characters to match AT-SPI offsets with DOM offsets.
  • Bug 1444547 - Propagate proper error codes from u2f-hid-rs to WebAuthn
  • Bug 1397757 Add Learn More link for the Canvas Permission Prompt
  • Bug 1449042: Negotiate tracks even when they're not active.
  • Bug 1414693 - Fix findbar buttons hover feedback when using a dark lightweight theme.

New in Thunderbird 59.0b2 Beta (March 1st, 2018)

  • New:
  • Further improvements to reordering attachments (introduced in Thunderbird 58 beta), including reordering by drag & drop
  • Edit Template command. This also solves various problems when saving as template (duplicates created, message ID lost).
  • Calendar: Option to select the target calendar when pasting an event or task
  • Changed:
  • Add-on options can no longer be configured from the Add-on Manager page. A new menu item "Add-on Options" is now available on the Tools menu.
  • When customizing the From: address, Thunderbird will now use this address for the SMTP "MAIL FROM" command. Previously the address configured in the identity was used. The preference mail.smtp.useSenderForSmtpMailFrom allows return to the previous behavior.
  • Various updates to the Thunderbird theme. Thunderbird now uses Photon Icons.
  • Calendar: Reminders on read-only calendars can now be dismissed, while reminders for missed events will now only be displayed for writable calendars if option "Show missed reminders for writable calendars" is selected
  • Fixed:
  • Various problems related to handling the IMAP trash folder: Under certain circumstances the selection of the trash folder didn't persist, for example when the name contained non-ASCII characters, or in localized versions of Thunderbird. At times unwanted additional trash folders were created. Selection of a trash folder didn't give immediate visual feedback.
  • Searching message bodies of messages in local folders, including filter and quick filter operations, did not find content in message attachments
  • Shared IMAP folders not shown in subscribe dialog under some circumstances
  • Calendar: Wrong time formatting for some time zones
  • Known Issues:
  • The IMAP and News subscribe dialogue now presents a flat list of folders instead of a folder tree. This will be restored to its original form in the next release.

New in Thunderbird 52.6.0 (January 26th, 2018)

  • Fixed:
  • Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found.
  • Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices
  • Calendar: Unintended task deletion if numlock is enabled
  • Various security fixes:
  • CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
  • CVE-2018-5096: Use-after-free while editing form elements
  • CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
  • CVE-2018-5098: Use-after-free while manipulating form input elements
  • CVE-2018-5099: Use-after-free with widget listener
  • CVE-2018-5102: Use-after-free in HTML media elements
  • CVE-2018-5103: Use-after-free during mouse event handling
  • CVE-2018-5104: Use-after-free during font face manipulation
  • CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
  • CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6

New in Thunderbird 52.5.2 (December 22nd, 2017)

  • Fixed:
  • This releases fixes the "Mailsploit" vulnerability and other vulnerabilities detected by the "Cure53" audit.

New in Thunderbird 52.5.0 (November 24th, 2017)

  • New:
  • Better support for Charter/Spectrum IMAP: Thunderbird will now detect Charter's IMAP service and send an additional IMAP select command to the server. Check the various preferences ending in "force_select" to see whether auto-detection has discovered this case.
  • Fixed:
  • In search folders spanning multiple base folders clicking on a message sometimes marked another message as read
  • IMAP alerts have been corrected and now show the correct server name in case of connection problems
  • POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found
  • Various security fixes.

New in Thunderbird 58.0b1 Beta (November 23rd, 2017)

  • Bug 1415541 - No need to destroy frames if Destroy was called on the shell.
  • Bug 1417010 - Invalidate MathML display items whenever we invalidate the referenced nsMathMLChar.
  • Bug 1417442 - P4. Indicate surface type in decoder description.
  • Bug 1417442 - P3. Don't enable nv12 surfaces if we failed to parse the version string.
  • Bug 1417442 - P2. Fix nsIGfxInfo in GPU process. r=dvander, a=sledru
  • Bug 1417442 - P1. Don't attempt to initialize MediaPrefs in the GPU process.
  • Bug 1416448 - Don't update the ASR during merging for an empty container item, since we can't compute the ASR of the contents. r=miko
  • Bug 1416028 - Prevent browser_pluginCrashedCommentAndURL.js from leaking crash dump files.
  • Bug 1378524 - Fix "TypeError: tab is null" exception raised from browser_inspector_extension_sidebar.js when running on beta.
  • Bug 1418227 - Socket timeout is lost in TcpTransport.connect().
  • Bug 1418227 - Indicate that sock instance is private.
  • Bug 1418227 - TcpTransport.sock should not be used by consumers.
  • Backed out changesets cdaf608ce668 and 001b6191ff91 (bug 1416448) for build bustage. r=backout a=backout on a CLOSED TREE
  • Bug 1416448 - Don't update the ASR during merging for an empty container item, since we can't compute the ASR of the contents: fix merge conflict. r=bustage-fix a=bustage-fix on a CLOSED TREE
  • Bug 1412090 - patch 4 - Also adopt the ContentParent::NotifyUpdatedFonts method on macOS, so that only the parent process needs to register with CFNotificationCenter for font-changed notifications.
  • Bug 1412090 - patch 3 - Check the sandbox policy to verify font files will be readable by the content process before including them in the system font list.
  • Bug 1412090 - patch 2.1 - Work around FcNameParse bug in fontconfig versions around 2.11.0, by escaping any leading space in the encoded charset element.

New in Thunderbird 52.4.0 (October 7th, 2017)

  • New: In Thunderbird 52 a new behavior was introduced for replies to mailing list posts: "When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header". A new preference mail.override_list_reply_to allows to restore the previous behavior.
  • Fixed: Under certain circumstances (image attachment and non-image attachment), attached images were shown truncated in messages stored in IMAP folders not synchronised for offline use.
  • Fixed: IMAP UIDs > 0x7FFFFFFF not handled properly
  • Fixed: Various security fixes, details at http://www.mozilla.org/en-US/security/advisories/mfsa2017-20/

New in Thunderbird 56.0b3 Beta (August 21st, 2017)

  • Bug 1390002 - There are some paths to find out if dwrite is enabled, which inits gfxPlatform, which requires information from PopulateScreenInfo, which depends on the refresh driver existing. At this time however, we haven't initialized our vsync source so we crash. This moves vsync initialization earlier in the gfx pipelineBug 1388166 - Handle case where chromeWin.getBrowser() doesn't exist.
  • Bug 1350152 - Don't rely on gBrowser in nsLoginManagerPrompter.js
  • Bug 1387524 - Back out removal of MOZ_PRETTY to build Thunderbird 56 beta.
  • Bug 1388319 - Mark ServoStyleSet dirty in its Init
  • Bug 1376754 - Remove hide event target flag from accessible when event is dropped.
  • Bug 1389300 - Don't mix style backend types in nsComputedDOMStyle.
  • Bug 1389300 - Inherit style backend into NS_NewDOMDocument.
  • Bug 1390002 - There are some paths to find out if dwrite is enabled, which inits gfxPlatform, which requires information from PopulateScreenInfo, which depends on the refresh driver existing. At this time however, we haven't initialized our vsync source so we crash. This moves vsync initialization earlier in the gfx pipeline.
  • Bug 1363723 - Preserve array in aria owns hash
  • Bug 1384944 - Replace NS_ConvertASCIItoUTF16 by NS_ConvertUTF8toUTF16.
  • Bug 1382057 - Skip browser_applications_selection.js on Linux. a=test-only
  • Bug 1254136 - Fix double registration for sessionstore-windows-restored.

New in Thunderbird 52.3.0 (August 21st, 2017)

  • Various security fixes
  • Large attachments taking a long time to open under some circumstances
  • No authorisation prompt displayed when inserting image into email body although image URL requires authentication
  • Selected text from another message sometimes included in a reply
  • Inline images not scaled to fit when printing
  • Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later
  • Deleting message from the POP3 server not working when maildir storage was used
  • Unwanted inline images shown in rogue SPAM messages

New in Thunderbird 56.0b2 Beta (August 10th, 2017)

  • Bug fixes:
  • Bug 1386027 - Simplify handleError interfaces for SessionCallback and TelemetryCollector.
  • Bug 1365556 - Invalidate widget style contexts after their ancestors are set.
  • Bug 1385123 - [Onboarding] Fix word wrapping when focusing on tour items under some languages
  • Bug 1388166 - Handle case where chromeWin.getBrowser() doesn't exist.
  • Bug 1385902 - Extend the width of preferences search field.
  • Bug 1386960 - Call nsTextInputListener's callback manually after using the non-transaction based editor code path for setting values of input controls.
  • Bug 1384655 - Remove obsolete latency measuring macros in downstream code we don't use anymore
  • Bug 1387890 - Pass parentId for tabs opened by webextensions on Android.
  • Bug 1387207 - Exclude code of GeckoHLS-related components if ExoPlayer source code is not included.
  • Bug 1387182 - Fix border (empty space) compensation when dragging items in customize mode in RTL.
  • Bug 1386533 - Fix host permitted matching.
  • Bug 1386323 - Perform HTTP response throttling only for a limited time after new transactions are actived
  • Bug 1387090 - Properly handle DontThrottle flag in all places in nsHttpTransaction.
  • Bug 1386558 - Check sandboxing level 2 after permissions are available.
  • Bug 1386915 - Add nsLookAndFeel::NativeInit() virtual call for initializing native-side state.

New in Thunderbird 56.0b1 Beta (August 7th, 2017)

  • Fixed bugs:
  • Bug 1275423 - Update failing DSA signature tests
  • Bug 1385864 - Drop invalid optional_permissions from manifests.
  • Bug 1386560 - Fix the typo of firefoxAccountCategory header's class list because all level 1 headers should have the subcategory class.
  • Bug 1386305 - (DLC) Remove outdated bootstrap catalog.
  • Bug 1375490 - Part 2: Support alerts in OOP extension sidebars.
  • Bug 1386737 - Fix broken top sites with pinned links lacking title for Activity Stream.
  • Bug 1386182 - Set FeatureState after EnableByDefault() in gfxWindowsPlatform::InitializeD3D11Config. r=jerry, a=lizzard
  • Bug 1386314 - Add default icons, enable snippets and bug fixes to Activity Stream.
  • Bug 1385090 - Pass Remote Pages instance from AboutNewTab on override.
  • Bug 1386350 - Turn off snippets in activity stream for tests.
  • Bug 1386265 - Exclude tippy top images directory from browser_all_files_referenced.js.
  • Bug 1380449 - Do not clone when not in a Web Extension.
  • Bug 1384560 - Annotate crash reports with accessibility client information.
  • Bug 1387004 - Part 2: Record credit card enable state in TelemetryEnvironment.
  • Bug 1387004 - Part 1: Add credit card enabled pref.
  • Bug 1352711 - Add a notifications.onShown event and use it to fix an intermittent in test_ext_notifications.html.
  • Bug 1365505 - Part 2: Turn on the pref for hls not only on nightly.
  • Bug 1365505 - Part 1: Make the feature flag be exposed not only on nightly.

New in Thunderbird 52.2.1 (June 24th, 2017)

  • Fixed:
  • Problems with Gmail (folders not showing, repeated email download, etc.) introduced in version 52.2.0.
  • Known Issues:
  • Multiple requests for master password when GMail OAuth2 is enabled

New in Thunderbird 52.2.0 (June 15th, 2017)

  • What’s New:
  • Fixed: Embedded images not shown in email received from Hotmail/Outlook webmailer
  • Fixed: Detection of non-ASCII font names in font selector
  • Fixed: Attachment not forwarded correctly under certain circumstances
  • Fixed: Multiple requests for master password when GMail OAuth2 is enabled
  • Fixed: Large number of blank pages being printed under certain circumstances when invalid preferences were present
  • Fixed: Messages sent via the Simple MAPI interface are forced to HTML
  • Fixed: Calendar: Invitations can't be printed
  • Fixed: Mailing list (group) not accessible from macOS or Outlook address book
  • Fixed: Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
  • Various security fixes:
  • CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
  • CVE-2017-7749: Use-after-free during docshell reloading
  • CVE-2017-7750: Use-after-free with track elements
  • CVE-2017-7751: Use-after-free with content viewer listeners
  • CVE-2017-7752: Use-after-free with IME input
  • CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
  • CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
  • CVE-2017-7757: Use-after-free in IndexedDB
  • CVE-2017-7778: Vulnerabilities in the Graphite 2 library
  • CVE-2017-7758: Out-of-bounds read in Opus encoder
  • CVE-2017-7763: Mac fonts render some unicode characters as spaces
  • CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
  • CVE-2017-7765: Mark of the Web bypass when saving executable files
  • CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2
  • Known Issues:
  • Links in news messages including "remove all expired articles" not working

New in Thunderbird 54.0b3 Beta (June 2nd, 2017)

  • Bug 1365790 - Bump security preload information expiration dates to 2017-09-26 for Firefox 54.
  • Bug 1368477 - Mirror the search suggestions pref every time the user makes a choice.
  • Bug 1366446 - Ensure layers TextureClient always lives as long as the SourceSurface using it.
  • Bug 1368077 - Strip page titles from URLs on the pasteboard when dragging on OSX/macOS.
  • Bug 1367720 - Restore ability to drag & drop files from Finder to Firefox
  • Bug 1361116 - Ensure that string data is sent to the pasteboard when requested by macOS services.
  • Bug 1330470 - Restore ability to drag & drop entries from the download list to Finder on OSX
  • Bug 1358075 - Generate UTI types dynamically when needed for the new drag & drop APIs on OSX.
  • Bug 1358075 - Display friendly names for .webloc files on OSX after dragging URLs to Finder.
  • Bug 1368751 - AWSY - use proper Windows paths in checkpoint script
  • Bug 1353625 - detect zero (0) as invalid resolution.
  • Bug 1350088 - Recover when we hit "server was flushed".
  • Bug 1359837 - Block mozAddonsManager if xpinstall.enabled is false/locked.
  • Bug 1300351 - Disable browser_onbeforeunload_navigation.js on non-debug windows.
  • Bug 1332970 - Allow assertion in test_restyles.html;

New in Thunderbird 54.0b2 Beta (May 25th, 2017)

  • Bug 1362611 - Fix packager quoting in the installer
  • Bug 1362611 - Fix packager quoting in the installer.
  • Bug 1358420 - Use staged rollout for fennec beta builds. r=aki,
  • Bug 1363083 - Remove TabMixPlus and Mega from e10s blocklist.
  • Bug 1336657 - On Windows add a sandbox policy rule to allow read / write access to content temp
  • Bug 1363677 - Skip Flush() and EndDraw() if the ID2D1DeviceContext is stale.
  • Bug 1358713 - When a popup's anchor does not have a frame originally, don't have the popup update its position to follow it.
  • Bug 1363253 - Ignore events specific to preview window also when decrementing.
  • Bug 1364002 - Store the user-made search suggestion choice along with userMadeSearchSuggestionChoice
  • Bug 1362918 - Extend the blacklist to cover certain Galaxy S4 models.
  • Bug 1359859 - Use the right entry global for XBL constructor/destructor/field execution.
  • Bug 1359697 - Make CaptivePortalService not poll for status when it is in the NOT_CAPTIVE state
  • Bug 1359204 - Test view-source can open link is not blocked by security policies.
  • Bug 1359204 - Use SystemPrincipal as TriggeringPrincipal when loading page as view-source.
  • Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityManager.

New in Thunderbird 52.1.0 (April 30th, 2017)

  • What’s New:
  • Fixed: Clicking on a link in an email may not open this link in the external browser.
  • Known Issues:
  • Large number of blank pages being printed under certain circumstances
  • Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use. Workaround: Set preference browser.cache.memory.max_entry_size to the value of -1 (unlimited) and create integer preference browser.cache.memory.capacity with the value of 200000 (200 MB, 25 MB per message).
  • Crash due to incompatibility with McAfee Anti-SPAM add-on. Workaround: Start in safe mode and disable McAfee Anti-Spam Extension
  • Background images not working and other issues related to embedded images when composing email
  • Crash when compacting IMAP folder

New in Thunderbird 53.0b1 Beta (April 7th, 2017)

  • Bug 1352367 - [push-apk] deactivate dry-run option on aurora and beta
  • Bug 1349650 - [css-grid] Crashtest.
  • Bug 1349650 - [css-grid] Fix a bogus assertion
  • Bug 1353373 - Fix Edge readinglist imports
  • Backed out changeset c3e6050e17f1 (bug 1192818) for causing bug 1346872 and other regressions.
  • Bug 1351456 - Don't assume that window.load will be called after the pref has been flipped.
  • Bug 1291320 - Skip test_focus_after_navigation for "Unable to locate element: :focus"
  • Bug 1291320 - Make refresh command synchronous.
  • Bug 1291320 - Refactor page load algorithm for listener framescript.
  • Bug 1291320 - Disallow slow loading page to be put into the cache.
  • Bug 1291320 - Refactor navigation unit tests by using non-remote pages only if necessary.
  • Bug 1349581: defer nativeRegistration for android Jni to avoid thread issues
  • Bug 1314543 - Make EnsureGPUReady() returns bool to make sure GPU process is readay.
  • Bug 1317191 - Return when onPause is called before onResume and add Telemetry ping for future debugging.
  • Bug 1350844 - Fix typoed variable name.
  • Bug 1353476 - Make InputObserver refcounted.
  • Bug 1299626 - Fix "TypeError: can't access dead object" in assert.window().
  • Bug 1352406 - Re-apply bug 1321306 to make sure text wrapping works correctly in about:tabcrashed.

New in Thunderbird 52.0 (April 4th, 2017)

  • New:
  • Folder pane toolbar and folder view selector (replacement for folder view arrows)
  • Optionally remove corresponding data files when removing an account from Thunderbird
  • Import settings from Becky! Internet Mail
  • Possibility to copy message filter
  • Dictionary setting is restored when editing a draft. Content-Language header (RFC 3282) transmitted with message
  • Calendar: Event can now be created and edited in a tab
  • Calendar: Processing of received invitation counter proposals
  • Chat: Support Twitter Direct Messages
  • Chat: Liking and favoriting in Twitter
  • Chat: XMPP: Support SASL SCRAM authentication mechanism
  • Chat: Support Jabber/XMPP Message Carbons (XEP-280)
  • Changed:
  • IMPORTANT: The way images are included in a compose window has changed. Images are now included as data URIs and not as references to parts of other messages or operating system files. This allows better interoperability with office packages such as MS Office or LibreOffice. Images linked from locations on the internet will no longer be downloaded and attached to the message automatically. This can be changed for each image individually via the Image Properties dialog or globally by setting the preference mail.compose.attach_http_images.
  • Correspondents column now default for all new folders, can be switched off with preference mail.threadpane.use_correspondents
  • When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header
  • Formatting toolbar is now left in place when delivery format is switched to plain text only
  • Messages in IMAP folders read on external device are now filtered by default
  • Folders backed by mbox storage larger than 4GB are supported without warning (unless preference mailnews.allowMboxOver4GB is set to false)
  • IMAP caching now uses Mozilla's latest caching technology
  • Chat: Removed Yahoo! Messenger support (since Yahoo removed support)
  • Fixed:
  • Message preview pane non-functional after IMAP folder was renamed or moved
  • Editing in paragraph format: Pressing Shift+Enter sometimes doesn't move the cursor to the next line
  • Various corrections when composing messages in paragraph format
  • Paste as quotation doesn't always work
  • Long lines in plain text replies not properly wrapped
  • Undesired white-space before signature in paragraph mode
  • When attachment unavailable, compose shows endless "Attaching..." message instead of error
  • Text encoding of reply sometimes incorrect (uses encoding of last viewed message)
  • Text encoding of message display, reply or forwarded message sometimes incorrect (uses encoding of attachment)
  • Delivery Format not preserved for saved drafts (Auto-Detect|Plaintext|HTML|Both)
  • Reply to own e-mail does not reply with the correct identity
  • IMAP message part caching
  • Links with escaped non-ASCII (international) characters can't be clicked
  • Calendar: Events specified in timezone "local time" generate alerts in UTC time
  • Chat: XMPP Resource collisions

New in Thunderbird 45.8.0 (March 7th, 2017)

  • Various security fixes.

New in Thunderbird 52.0b4 Beta (February 25th, 2017)

  • NEW:
  • Pages containing insecure password fields now display a warning directly within username and password fields.
  • Send and open a tab from one device to another with Sync
  • CHANGED:
  • Improved text input with some third-party keyboard layouts on Windows, e.g., keyboard layouts which have chained dead keys, inputs two or more characters with a non-printable key or a dead key sequence, inputs a character even when a dead key sequence failed to compose a character.
  • Implemented the Strict Secure Cookies spec which forbids insecure (http:) sites from setting cookies with the "secure" attribute, and in some cases prevents an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
  • Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
  • Removed Battery Status API to reduce fingerprinting of users by trackers
  • Improved experience for downloads:
  • Notification in the toolbar when a download fails
  • Quick access to five most recent downloads rather than three
  • Larger buttons for canceling and restarting
  • DEVELOPER:
  • Enabled CSS Grid Layout
  • Screen sharing shows a preview and no longer requires a whitelisted domain
  • Responsive Design Mode redesigned and enhanced with device selection, network throttling, and more

New in Thunderbird 52.0b3 Beta (February 16th, 2017)

  • Bug 1332508 - Reinitialize allocator mutexes in fork() child processes.
  • Bug 1286613 - Update jemalloc 4 to c6943ac.
  • Bug 1286613 - Add dummy implementations for most remaining OSX zone allocator functions.
  • Bug 1286613 - Don't rely on OSX SDK malloc/malloc.h for malloc_zone struct definitions.
  • Bug 1286613 - Use the same zone allocator implementation as replace-malloc for mozjemalloc
  • Bug 1286613 - Move replace-malloc zone allocator to a separate file.
  • Bug 1286613 - Properly call mozjemalloc pre/post fork hooks on OSX when replace-malloc is enabled.
  • Bug 1275204 - mozjemalloc: Use the JS arm64 allocator on Linux/sparc64.
  • Bug 1275204 - mozjemalloc: Use better pre-processor defines for sparc64.
  • Bug 1322027 - Don't disable hugepage support since it no longer causes PGO issues.
  • Bug 1322027 - Update jemalloc 4 to version 4.4.0. r=glandium a=jorgk
  • Bug 1325707 - Change IPC_OK() to true to fix bustage in VideoDecoderParent.cpp.
  • Bug 1325707: P2. Handle OOM conditions when creating MediaRawData object.
  • Bug 1325707: P1. Check returned value.
  • Bug 1335854 - Tone down non-zero refcount message for dynamic atoms.

New in Thunderbird 45.7.1 (February 8th, 2017)

  • Fixed: Crash when viewing certain IMAP messages (introduced in 45.7.0)

New in Thunderbird 45.7.0 (January 26th, 2017)

  • Fixed:
  • Message preview pane non-functional after IMAP folder was renamed or moved
  • "Move To" button on "Search Messages" panel not working
  • Message sent to "undisclosed recipients" shows no recipient (non-functional since Thunderbird version 38)
  • Calendar: No way to accept/decline email invitations when sent and received messages are stored in the same folder
  • Various security fixes

New in Thunderbird 51.0b2 Beta (January 18th, 2017)

  • Bug fixes:
  • Bug 1331340 - FileReader should not continue when allocation fails.
  • Bug 1303668 - Failing to find a symbols url should be a warning instead of a exception.
  • Bug 1330693 - Try to handle SW job double-completion better.
  • Bug 1331317 - only enable the pref 'media.block-autoplay-until-in-foreground' on Nightly.
  • Bug 1321300 - Back out bug 1264768 and add test.
  • Bug 1323837 - Draw nothing if there are no color stops for gradient effect.
  • Bug 1331038 - Make nsPipe handle OOM conditions gracefully.
  • Bug 1330979 - Don't raise NS_ERROR_DOM_SECURITY_ERROR on DataTransfer access violations
  • Bug 1330710 - Make gfxFontconfigFont keep track of its actual adjusted size.
  • Bug 1330273 - Add some security checks about the use of the string buffer in FileReader.
  • Bug 1329090 - Fix the misuse of the variable.
  • Bug 1307458 - Update LayerManager pointer of all Layers of LayerTransactionParent.
  • Bug 1307347 - Longer timeout for browser_console_history_persist.js.
  • Bug 1331058 - Fix analysis check in IonBuilder::initEnvironmentChain

New in Thunderbird 51.0b1 Beta (January 12th, 2017)

  • Bug 1329941 - [compact layout] Increase tile title background opacity to improve legibility.
  • Bug 1329044 - Avoid taking const references to fields behind accessors.
  • Bug 1325141 - Fix leak in Z-constrained windows on OS-X.
  • Bug 1128311 - Only flush the DNS cache when the last private browsing window is closed;
  • Bug 1328834 - Check hasScript in IonBuilder::createThisScriptedSingleton.
  • No bug - Tagging ce55e4d276031458f0730d481acff05d7c797038 with FIREFOX_51_0b13_BUILD1, FIREFOX_51_0b13_RELEASE a=release CLOSED TREE
  • Bug 1329309 - remove deprecated SkOpts_sse41 blits
  • Bug 1327996 - Disabled buttons in devtools now do show tooltips
  • Bug 1318769 - add reftest to verify that color emoji show up.
  • Bug 1318769 - make SkFontHost_cairo match cairo-ft's handling of FcPattern embeddedbitmap option
  • Bug 1318630 - Part 2: Create correct html element object when "is" is specified for custom element;
  • Bug 1318630 - Part 1: Fix missing control pref checks for custom element feature;
  • Bug 1315146 - Avoid using the Web-facing Range methods in nsTextControlFrame::SetSelectionInternal();
  • Bug 1309111 - Some macros are not expanded correctly by MSVC.
  • Bug 1304266 - Remove libevent workaround for MacOS 10.4 bug

New in Thunderbird 45.6.0 (December 29th, 2016)

  • FIXED:
  • The system integration dialog was shown every time when starting Thunderbird
  • VARIOUS SECURITY FIXES:
  • CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements:
  • Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.
  • CVE-2016-9895: CSP bypass using marquee tag:
  • Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.
  • CVE-2016-9897: Memory corruption in libGLES:
  • Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.
  • CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees:
  • Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.
  • CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs:
  • External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.
  • CVE-2016-9904: Cross-origin information leak in shared atoms:
  • An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.
  • CVE-2016-9905: Crash in EnumerateSubDocuments:
  • A potentially exploitable crash in EnumerateSubDocuments while adding or removing sub-documents.
  • CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6:
  • Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky reported memory safety bugs present in in Thunderbird ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

New in Thunderbird 45.5.1 (December 1st, 2016)

  • Various security fixes:
  • 2016-92: Firefox SVG Animation Remote Code Execution.

New in Thunderbird 50.0b3 Beta (October 28th, 2016)

  • Bug 1026404 - Disable OES_EGL_image and OES_EGL_image_external on SGX 544 MP devices. r=eflores a=ritu
  • EGLImageTargetTexture2D crashes on SGX 544 MP GPUs on Kit Kat with either GL_TEXTURE_2D or GL_TEXTURE_EXTERNAL as the texture target. This means that both OES_EGL_image and OES_EGL_image_external extensions do not work and must be avoided.
  • No bug, Automated blocklist update from host bld-linux64-spot-097 - a=blocklist-update
  • Backed out changeset 5ebcf218f678 (bug 1292273) for browser_Troubleshoot.js failures.
  • Bug 1280878 - Update safebrowing_notification test for changed Google URL. r=francois, a=test-only
  • Bug 1308859 - Do not hold on to pointers into mStyleStack across a presshell flush. r=jrmuizel, a=ritu
  • Bug 1311409 - Eyedropper click doesn't work, have to use Enter key. r=me, a=ritu
  • Bug 1292273 - Add logs to record the failure of compositor creation. r=dvander, a=ritu
  • Bug 1292273 - Skip CompositorD3D11::EndFrame when device-removed happened and add some logs for tracking the behavior. r=dvander, a=ritu
  • Bug 1305204 - Backout bug 1275746. a=ritu
  • Bug 1311557 - Ensure custom sync engines aren't reported in sync ping. r=markh, a=ritu
  • Bug 1294605 - Notify MediaStreamTrackSource when ReadyState is overriden. r=jib, a=ritu
  • Bug 1312958 - Part 2: Only delete the trackinfo object once the decoder has been shutdown. r=gerald, a=ritu
  • While it's unlikely to have been a problem as the decoder would have been idled at this stage. During the time the TrackInfo was reset and the decoder actually be shut down, the reference to the object would have been invalid causing a potential UAF.
  • Bug 1312958 - Part 1: Do not modify original Audio/Video info. r=gerald, a=ritu
  • The issue is particularly problematic with the Apple audio decoder. The Apple decoder relies on the sampling rate to configure the CoreAudio transform.
  • The actual output rate may be different (such as with HE-AAC). Should the decoder ever need to be reset again, future initialization would have failed as the initial rate was now incorrect.
  • Bug 1312530 - Force windowless plugin mode in 64-bit builds if async rendering is disabled. r=akotz, a=ritu
  • Bug 1310814 - Add ObjC exception guards. r=spohl, a=ritu
  • With the added safety checks it's unlikely that anything in this function will fire ObjC exceptions, but our rule is to have guards around every Objective C function that can directly be called from C++ files.
  • Bug 1310814 - Use public NSLocale API for getting the system country code. r=spohl, a=ritu
  • This potentially changes behavior. On my machine, the old code returned
  • NS_ERROR_FAILURE because the dictionary did not have a "countryCode" entry,
  • but this new implementation correctly returns the string "CA".
  • Bug 1313198 - Bundle a fallback version of the SDK loader behind a preference. r=Mossop, a=ritu
  • Bug 1309350 - Part 2: Speed up synchronous resolution of module paths. r=gps, r=ochameau, a=ritu
  • r?gps for the build changes and ochameau for the rest.
  • This results in about a 28% speed-up for Jetpack mochitest runs, for me.
  • Bug 1309351 - Part 2: Use a shared global sandbox and simple module resolution for built-in modules. r=ochameau, a=ritu
  • This takes another 21% off the Jetpack test suite run time for me.

New in Thunderbird 45.4.0 (October 3rd, 2016)

  • Fixed:
  • Display name was truncated if no separating space before email address.
  • Recipient addresses were shown in red despite being inserted from the address book in some circumstances.
  • Additional spaces were inserted when drafts were edited.
  • Mail saved as template copied In-Reply-To and References from original email.
  • Threading broken when editing message draft, due to loss of Message-ID
  • "Apply columns to..." did not honor special folders

New in Thunderbird 45.3.0 (September 2nd, 2016)

  • Security fixes:
  • 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)

New in Thunderbird 49.0b1 Beta (September 2nd, 2016)

  • Bug fixes:
  • Bug 1299445 - use distribution.ini directly to check if automigration is enabled.
  • Bug 1298771 - Attach last-update.log to update results for Firefox UI update tests.
  • Bug 1294054 - Use marionette.py instead of runner.py in case of crashes with no active test.
  • Bug 1284457 - Reduce default socket timeout for Marionette to 60s.
  • Bug 1244425 - Avoid CPOW when setting file array on .
  • Bug 1280947 - Dispatch DOM change event on appending file to input.
  • Bug 1280947 - Correct argument to event.sendEvent.
  • Bug 1280947 - Remove dead File object construction code.
  • Bug 1280947 - Support tuples for script arguments.
  • Bug 1280947 - Improve names of JSON marshaling methods in Marionette client.
  • Bug 1297446 - Shimwaiver for l10n.
  • Bug 1051567 - Make sure we resend file descriptors for the first chunk of a message.
  • Bug 1298505 - CSP: Update StripURIForReporting to rely on NS_SecurityCompareURIs.
  • Bug 1294536 - KeyboardLayout::InitNativeKey() shouldn't initialize NativeKey with WM_CHAR whose wParam isn't a printable character.
  • Bug 1299256 - Fix performance issues when stripping comments from large locale files.
  • Bug 1293308 - System font setting respected by location bar but ignored by location bar's autocomplete drop-down list.

New in Thunderbird 45.2.0 (July 1st, 2016)

  • FIXED:
  • Invitations to events could not be printed.
  • Dragging and dropping of contacts from the contact list onto an addressbook while All Addressbooks is selected moved only one contact
  • Falsely reported not enough disk space during compacting
  • Links were not always detected properly in the message body (terminated early on "|", some long links not detected at all)

New in Thunderbird 47.0b2 Beta (June 20th, 2016)

  • Bug 1255245: ESR45 generates mar files with the wrong channel ID: Always modify update-settings.ini.
  • Bug 1275339 - [ffmpeg] Don't assume AVFrame has a constant size.
  • Bug 1276027 - Add a Telemetry probe to track how often Firefox is used as the default handler.
  • Bug 1276931. Add VsyncSource::Shutdown which shuts down global display.
  • Bug 1277882 - Disable e10s on Linux when recent accessibility use is detected.
  • Bug 1278851 - Enable service worker notifications everywhere except for non-release B2G.
  • Bug 1278435 - Update DOM interface tests to reflect shipping Push on Android.
  • Bug 1275095 - Enable MOZ_ANDROID_CGM for all builds;
  • Bug 1258375, bump NSS version requirement to 3.24,
  • Bug 1275311 - Get property when in content in security notification UI test;
  • Bug 1275249 - Update UI tests to get property where applicable
  • Bug 1271911 - Wait for the expected notifications in test_notifications.py to avoid transient popups.
  • Bug 1271911 - Enable the browser.tabs.remote.force-enable preference when using e10s.
  • Bug 1278605 - ensure that nsICertOverrideService can be implemented in JS
  • Bug 1270641 - Choose winner of expanded-firstrun.
  • Bug 1265281 - (Beta rebase) Blacklist atiumd64.dll versions for D3D9 DXVA which are suspected to crash.
  • Bug 1271525 - (Beta rebase) Blacklist igdumd64.dll versions for D3D9 DXVA which are suspected to crash.
  • Bug 1271525 - (Beta rebase) Add ability to blacklist D3D9 DXVA via pref.

New in Thunderbird 45.1.1 (May 30th, 2016)

  • FIXES:
  • When entering members into a mailing list, the enter key dismissed the panel instead of just moving onto the next line
  • Email without HTML elements was sent as HTML, despite "Delivery Format: Auto-detect" option
  • Options applied to a template were lost when the template was used.
  • Contacts could not be deleted when they were found through a search
  • Views from global searches did not respect "mail.threadpane.use_correspondents"

New in Thunderbird 45.1.0 (May 13th, 2016)

  • Security fixes:
  • 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

New in Thunderbird 45.0 (April 13th, 2016)

  • New - Add a Correspondents column combining Sender and Recipient
  • New - Much better support for XMPP chatrooms and commands.
  • New - Remote content exceptions: Improved options to add exceptions.
  • New - Implement option to always use HTML formatting to prevent unexpected format loss when converting messages to plain text.
  • New - Use OpenStreetmap for maps (even allow the user to choose from list of map services)
  • New - Allow spell checking and dictionary selection in the subject line
  • New - Allow editing of From when composing a message.
  • New - Add dropdown in compose to allow specific setting of font size.
  • New - Return/Enter in composer will now insert a new paragraph by default (shift-Enter will insert a line break)
  • New - Allow copying of name and email address from the message header of an email
  • New - Mail.ru supports OAuth authentication.
  • Fixed - Fixed: When sending e-mail which was composed using Chinese, Japanese or Korean characters, unwanted extra spaces were inserted within the text.
  • Fixed - Spell checker checked spelling in invisible HTML parts of the message.
  • Fixed - When saving a draft that is edited as new message, original draft was overwritten.
  • Fixed - External images not displayed in reply/forward
  • Fixed - Crashed in some cases while parsing IMAP messages.
  • Fixed - Properly preserve pre-formatted blocks in message replies.
  • Fixed - Copy/paste from a plain text editor lost white-space (multiple spaces/blanks, tabs, newlines)
  • Fixed - "Open Draft"/"Forward"/"Edit As New"/"Reply" created message composition with incorrect character encoding.
  • Fixed - Fixed: Grouped By view sort direction change was broken, plus enabled custom column grouping.
  • Fixed - Fixed: New emails into a mailbox did not adhere to sort order by received.
  • Fixed - Fixed: Box.com attachments failed to upload.
  • Fixed - Fixed: Drag and drop of multiple attachments failed to OS file folder.
  • Fixed - XMPP had connection problems for users with large rosters

New in Thunderbird 38.7.1 (March 24th, 2016)

  • What’s New:
  • Changed: Disabled Graphite font shaping library
  • Security fixes:
  • 2016-37 Font vulnerabilities in the Graphite 2 library
  • 2016-35 Buffer overflow during ASN.1 decoding in NSS
  • 2016-34 Out-of-bounds read in HTML parser following a failed allocation
  • 2016-31 Memory corruption with malicious NPAPI plugin
  • 2016-27 Use-after-free during XML transformations
  • 2016-24 Use-after-free in SetBody
  • 2016-23 Use-after-free in HTML5 string parser
  • 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
  • 2016-17 Local file overwriting and potential privilege escalation through CSP reports
  • 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

New in Thunderbird 38.7.0 (March 14th, 2016)

  • Various security fixes.

New in Thunderbird 45.0b2 Beta (February 19th, 2016)

  • Bug fixes:
  • Bug 1245912 - Update Loop system add-on to version 0.3.0.
  • Bug 1229195 - explicitly link 'content' to the frame script global scope to prevent out-of-scope errors.
  • Bug 1154277 - follow-up - fix linting error by removing a leftover break statement.
  • Bug 1154277 - Part 4 - Update the loop add-on and introduce a pref to switch e10s support for Loop/ Hello on or off. The default for now is off.
  • Bug 1154277 - Part 3 - implement test changes to work in e10s mode as well.
  • Bug 1154277 - Part 2 - support running Social API documents to run in a remote browser, i.e. the content process.
  • Bug 1154277 - Part 1 - allow to swap docShells on remote browsers that are not a child of a BrowserDOMWindow.
  • Bug 1246592 - Try and fix windows locale repack bustage by adjusting how locales are built for Loop.
  • Bug 1239828 - Fix broken L10n repos, correct ifdef for inclusion of locales, and add 'id' locale that was being ignored by .gitignore.
  • Bug 1239828 - Support Loop's localisation mechanisms for Loop as a system-addon.
  • Bug 1239828 - Update Loop to the latest version.

New in Thunderbird 38.6.0 (February 17th, 2016)

  • Security fixes:
  • 2016-14 Vulnerabilities in Graphite 2
  • 2016-03 Buffer overflow in WebGL after out of memory allocation
  • 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
  • 2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature

New in Thunderbird 46.0a2 Earlybird (February 12th, 2016)

  • Various security fixes.
  • Fixed:
  • Filters ran on a different folder than selected.

New in Thunderbird 45.0b1 Beta (February 6th, 2016)

  • New:
  • Allow editing of From when composing a message.
  • AB quick search and contacts side bar will search nicknames
  • Allow copying of Name and Address from an email displayed from header menu.
  • Allow printing of individual contacts from context menu
  • Mail.ru supports OAuth authentication.
  • Fixed:
  • Allow drag and drop of multiple attachments to OS file folder.
  • Fixed: CJK(Chinese, Japanese, Korean): extra space is inserted within text in mail due to wrap produced by mailnews.wraplength and line length limitation of 1000bytes of SMTP
  • Box.com attachment upload works again.
  • Fixed: New emails into a mailbox did not adhere to sort order by received.
  • Fixed broken Grouped By view sort direction change, enabled custom column grouping

New in Thunderbird 44.0b1 Beta (January 14th, 2016)

  • Bug fixes:
  • Bug 1236643 - Reorder GeckoEditable destruction sequence
  • Bug 1234280 - Handle oom in CodeGeneratorShared::addCacheLocations
  • Backed out changeset 486e6901c1d9 (bug 1234280)
  • Bug 1224766 - Forward callID to disambiguate multiple gUM requests from same window
  • Bug 1238010 - Turn off ClosingService.
  • Bug 1208145 - Clear XUL persistence data for passwordManager.xul passwordCol.hidden.
  • Bug 1208145 - Revert bug 1121291 using hard-coded strings from Fx43
  • Bug 1233599 - Add build dependencies to appcompat-v7
  • Bug 1218473 - Add check for presence of NVIDIA Optimus drivers to WindowsNopSpacePatcher;
  • Bug 1237103 - Fix Application Reputation remote lookups.
  • Bug 1236266 - Use release assert in IPC serialization for regions
  • Bug 1236266 - Don't generate invalid empty regions in pixman
  • Bug 1236951 - New mozharness script for desktop partner repacks, and associated config files, DONTBUILD
  • Bug 1224736 - When image size lookup fails in nsTreeBodyFrame::PaintImage, only fall back to use the full destRect if we've got a VectorImage

New in Thunderbird 38.5.1 (January 7th, 2016)

  • Changed - Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements

New in Thunderbird 38.4.0 (November 28th, 2015)

  • Security fixes:
  • 2015-133 NSS and NSPR memory corruption issues
  • 2015-132 Mixed content WebSocket policy bypass through workers
  • 2015-131 Vulnerabilities found through code inspection
  • 2015-128 Memory corruption in libjar through zip files
  • 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
  • 2015-123 Buffer overflow during image interactions in canvas
  • 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
  • 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

New in Thunderbird 38.3.0 (November 25th, 2015)

  • New:
  • Saved files tab now implements Search field and Clear button.
  • Fixed:
  • (Right-)Clicking on a newsgroup now allows directly composing a message again
  • Importing to the address book from CSV now works with international characters
  • Thunderbird no longer crashes when executing filter rules when using maildir
  • When using the maildir storage format, the INBOX folder is no longer deleted
  • Emails with long References headers are now decoded correctly
  • Checking for new messages correctly works after hibernation again
  • Chat entries are no longer sometimes lost in global database at shutdown.

New in Thunderbird 42.0b2 Beta (October 13th, 2015)

  • No bug, Automated blocklist update from host
  • backout 362678f780fb (Bug 1152743) because of mozmill failures
  • Bug 1152743 - Re-implement "Search" field and "Clear List" button in Saved Files tab (version only for TB38).
  • backout d57ca248d65f (Bug 1152743) that had unexpected string changes
  • Bug 1127580 - mozmill/content-policy/test-general-content-policy.js transition timing improvement.
  • Bug 1152651, another bustage fix for test_pop3MultiCopy2.js .
  • Bug 1193200, undue string changes from previous push
  • Bug 1152651, bustage fix for test_pop3MultiCopy2.js, Array.includes not available pre-gecko 44
  • Bug 1193200 - Remote content exceptions: Cannot add email address to blocklist with Block and Allow buttons; adding web site seems to succeed but also invisible (no new strings version).
  • Port changes from Bug 1207310 (Disable GTK3 on beta) to comm-beta
  • Bug 1152743 - Re-implement "Search" field and "Clear List" button in Saved Files tab.
  • Bug 1152651 part 2, maildir-mbox multi copy fails
  • No bug, Automated blocklist update from host
  • Bug 1187222 - Support building with GTK3 in suite/ r+a=bustagefix in a CLOSED TREE
  • Backout cset 6208e42ad6b7 for incompleteness. r+a=backout in a CLOSED TREE
  • Bug 1187222 - Support building with GTK3 in suite/ (beta changes in mozconfigs) r+a=bustagefix in a CLOSED TREE
  • Backed out changeset 156692ed2548 r+a=backout in a CLOSED TREE
  • Bug 1187222 - Support building with GTK3 in suite/ (beta changes to releng.manifests) r+a=bustagefix in a CLOSED TREE

New in Thunderbird 41.0b1 Beta (September 9th, 2015)

  • New - Visual appearance improved on Windows 10
  • Fixed - Spellchecker no longer jumps between languages
  • Fixed - Proxy is taken into account for pop3s protocol

New in Thunderbird 38.2.0 (August 15th, 2015)

  • Changed: Hardware acceleration is now disabled by default to avoid crashing Thunderbird
  • Fixed: A few bugs have been fixed to avoid crashing Thunderbird

New in Thunderbird 40.0b1 Beta (July 24th, 2015)

  • Automated checkin: version bump for thunderbird 40.0b1 release.

New in Thunderbird 38.1.0 (July 10th, 2015)

  • Bug Fixes:
  • Copy/Paste into plain text editor deletes newlines from quoted text (bug 1143570)
  • Cross-posts won't send because Newsgroups: groups are separated with comma+space, not just comma (bug 1151448)
  • Cannot send email through exchange server (NTLM) (bug 1174159)
  • Doesn't display GB2312 encoded texts correctly for Chinese Characters (bug 1174580)
  • OAuth2 authentication for GMail does not work when specified server is imap.gmail.com or smtp.gmail.com. (bug 1176773)
  • Security fixes:
  • 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
  • 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
  • 2015-67 Key pinning is ignored when overridable errors are encountered
  • 2015-66 Vulnerabilities found through code inspection
  • 2015-63 Use-after-free in Content Policy due to microtask execution error
  • 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

New in Thunderbird 38.0.1 (June 11th, 2015)

  • NEW:
  • GMail supports OAuth2 authentication, removing the need to manually select "allow less secure applications" in Google options for the account. (bug 849540)
  • Ship Lightning calendar addon with Thunderbird and enable with an opt-out dialog (bug 1113183)
  • Filter sent messages (bug 11039)
  • Filter messages when archived (bug 479823)
  • Enable search in multiple/all address books (bug 170270)
  • Add support for Yahoo Messenger in Chat (bug 955574)
  • Support Internationalized domain name URLs for RSS feeds (Bug 1018589)
  • Show expanded columns in folder pane (bug 464973)
  • Allow file-per-message (maildir) local message storage (bug 845952)
  • Add a Learn more link to the support page in feeds subscribe dialog (bug 1053782)
  • Add reading position marker line to conversations (bug 760762)
  • The editor for twitter should show inputtable character count (bug 736002)
  • CHANGED:
  • Thunderbird will no longer use SHA-1 to sign messages (bug 1018259)
  • Removed rarely used character sets: T.61-8bit, non-encoding Mac encoders, VISCII, x-viet-tcvn5712, x-viet-vps x-johab, ARMSCII8 , map us-ascii to windows-1252, ISO-8859-6-I and -E and ISO-8859-8-E, (bug 1068505 and others.)
  • Disable CONDSTORE support for IMAP to prevent discrepancies in IMAP message status (deleted, unread) on some servers (bug 912216)
  • Make OpenSearch queries open in the user's default browser (bug 1120777)
  • Default to using SSL for XMPP and IRC. This might cause issues for self-signed certificates (bug 1122567, bug 1122666)
  • FIXED:
  • Replied/forwarded icons disappear after folder repair, detach/delete (bug 840418)
  • Attachment "Save As" files are displayed in Tools/Saved Files (bug 914517)
  • Adding unknown email addresses to Mailing list, then deleting ghost duplicate entries from contacts pane, caused dataloss in mailing list (bug 628035)
  • Web site from RSS feed was not rendered correctly (bug 662907)
  • Email address with leading/trailing whitespace displayed wrongly with added quotes when composing ["foo"@bar.com] (bug 286760)
  • Force display of Sender header if S/MIME sender is the signer (bug 332639)
  • Addressing autocomplete widget: Typed text in red despite results/matches found if suggestions change by last input (bug 1042561)
  • Status bar not accessible (bug 934875)
  • Wrong folder may be deleted when requesting junk delete (bug 1018960)
  • Severe UI stutter or freezes getting new mail for very large folders (bug 870556)
  • Automatically rejoin multi-user conversations on reconnect for XMPP (bug 1014472)
  • Various improvements when using IRC on moznet (bug 1083768 and others)
  • Significantly improve XMPP support (bug 1085022 and others)
  • Fixes for connecting to non-standard IRC networks (bug 870556 and others)
  • Automatically reclaim IRC nicks during a reconnect (bug 1087566)
  • Changing location in editor doesn't preserve the font when returning to end of text/line (bug 756984)
  • Inline spell checker loses red underlines after a backspace is used (bug 1100966)

New in Thunderbird 38.0b6 Beta (May 25th, 2015)

  • Bug 1158761 - Part 1: Make CheckPluginStopEvent run asynchronously.
  • Bug 1158761 - Part 2: Update checks for plugin stop event in tests.
  • Bug 960762 - Fix intermittence of Notification mochitests.
  • Bug 978846 - Add a file to the tree to tell mozharness what arguments from try are acceptable to pass on to the harness process.
  • Bug 1149842 - Release the mutex for NS_OpenAnonymousTemporaryFile to prevent the deadlock.
  • ug 1163841 - Always call eglInitialize(), but kill the preloading hack (which was crashing before).
  • Bug 1166240 - Add pocket.svg to aero section of toolkit's windows/jar.mn.
  • Bug 1164866 - Bump mozharness.json to rev 6f91445be987.
  • ug 1151619 - Add Adjust SDK license.
  • Bug 1147487 - Don't try to reader-ize non-HTML documents.
  • Bug 1160407 - Redirect links within the Pocket panel to open in non-private windows when temporary Private Browsing is used.
  • Bug 1165416 - Update Pocket code to latest version (May 15th code drop).
  • Bug 1163917 - Remove the widget from its area if the conditionalDestroy promise is resolved truthy.
  • Bug 1165135 - Distribution directory not removed on pave over install.
  • Bug 1164426 - Build reader mode blocklist.
  • Bug 1164940 - Lazily create iframe.

New in Thunderbird 31.7.0 (May 15th, 2015)

  • Security fixes:
  • 2015-57: Privilege escalation through IPC channel messages
  • 2015-54: Buffer overflow when parsing compressed XML
  • 2015-51: Use-after-free during text processing with vertical text enabled
  • 2015-48: Buffer overflow with SVG content and CSS
  • 2015-47: Buffer overflow parsing H.264 video with Linux Gstreamer
  • 2015-46: Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

New in Thunderbird 38.0b4 Beta (May 2nd, 2015)

  • Bug 1159300 - Add a clone of gmp-fake that doesn't do decryption.
  • Bug 1159300 - Don't use decrypting Gecko Media Plugins for non-encrypted playback.
  • Bug 1158568 - Fix potential size overflow.
  • Bug 1156131 - mingw cross compilation fixup.
  • Bug 1154791 - Remember all ranges for all selections when splitting nodes in the editor transactions - missing files from merge conflict
  • Bug 1154791 - Remember all ranges for all selections when splitting nodes in the editor transactions;
  • Bug 756984 - Collapse the selection on the last text node on the line, skipping br and inline frames when clicking past the end of line;
  • Bug 1100966 - Remember all ranges for all selections when joining nodes in the editor transactions;
  • Bug 1155474 - Consider the input to MThrowUninitializedLexical implicitly used.
  • Backed out changeset daaa2c27b89f (bug 1155474) for bustage.
  • Bug 1149605 - Avoid potential integers overflow.
  • Bug 1155474 - Consider the input to MThrowUninitializedLexical implicitly used.
  • Bug 1154703 - Avoid using WARP if nvdxgiwrapper.dll is around.
  • Bug 1158627 - WebRTC return error if GetEmptyFrame returns null.

New in Thunderbird 38.0b3 Beta (April 25th, 2015)

  • Bug 1139591 - Skip browser_timeline_overview-initial-selection-01.js on OSX debug.
  • Bug 1156560 - Prefer old CDMs on update if they are in use.
  • Bug 1156913 - Use highlighttext color also for :active menus.
  • Bug 1155684 - Part 1-3: Remove reading list sync integration.
  • Bug 1155684 - Part 0: Disable reading list sync in confvars.sh.
  • Bug 1154960 - Fennec should explicitly block the DOM SiteSpecificUserAgent.js file from packaging.
  • Bug 1152550 - Make sure that cross-global Iterator cannot be broken.
  • Bug 1152016 - Suppress fprintf(stderr)'s from jpeg in MJPEG decode.
  • Bug 1151628 - Re-enable MJPEG in libyuv (especially for getUserMedia).
  • Bug 1091155 - Don't check if 'playing' has fired for it depends on how fast decoding is which is not reliable.
  • Bug 1157702 - Re-disable Reading List for Fx 38.0.5.
  • Bug 1155083 - Properly hide reader view tablet on landscape tablets.
  • Bug 1152354 - Remove no longer needed assertion expectation.
  • Bug 1108104 - Fix rebase bustage.

New in Thunderbird 38.0b2 Beta (April 17th, 2015)

  • Bug fixes:
  • Bug 1148923 - min-width the font menulists
  • Bug 1154814 - Move font rules from 'rt' to 'rtc, rt' and make text-emphasis conditional.
  • Bug 1153973 - Don't blindly apply deletions as insertions.
  • Bug 1152121 - Factor out logic to get original URL from reader URL into shared place, and handle malformed URI excpetions.
  • Bug 1141931 - Part 0: Fix unicode-bidi value of ruby elements in html.css.
  • Bug 1145981 - Do not crash when a DIB texture is updated without a compositor.
  • Bug 847903 - Skip 691096-1.html on OSX 10.6 due to intermittent crashes.
  • Bug 1120748 - Resolve intermittent failure of browser_ssl_error_reports.js.
  • Bug 1021174 - Skip test_bug495145.html on OSX 10.6 due to intermittent crashes.
  • Bug 1097721 - Skip test_mozaudiochannel.html on OSX 10.6 due to intermittent crashes.
  • Bug 1092202 - Skip testGetUserMedia for frequent failures.
  • Bug 1150862, make about:reader unlinkable from content on desktop.
  • Bug 1150703 - Allow about: pages to be unlinkable even if "safe for content”.
  • Bug 1154447 - add aero asset for update badge.
  • Bug 1148071 - Fix CDM update behavior.

New in Thunderbird 31.6.0 (April 1st, 2015)

  • Security fixes:
  • 2015-40 Same-origin bypass through anchor navigation
  • 2015-37 CORS requests should not follow 30x redirections after preflight
  • 2015-33 resource:// documents can load privileged pages
  • 2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
  • 2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)

New in Thunderbird 37.0b1 Beta (March 11th, 2015)

  • Bug fixes:
  • Bug 1121417 - Change hiddenOneOffs pref to use unichar type.
  • Bug 1106926 - Ensure that removing a hidden one click search provider also removes it from the browser.search.hiddenOneOffs pref
  • Bug 453969 - Fix the race in test_bug382113.html so we don't set our child-onload-fired boolean to false _after_ the child onload has already fired.
  • Bug 949971 - Set longer timeout for test_input_typing_sanitization.html.
  • Bug 1130150 - mSources update.
  • Bug 1133634 - Fix CanPlayType in GStreamer backend.
  • Bug 981869 - Blacklist crashy flump3dec gstreamer plugin.
  • Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching.
  • Bug 1051556 - Simplify GeckoEditable exception messages.
  • Bug 1136533 - Remove about:media page.
  • Bug 1140638 - Disable CSP referrer directive.

New in Thunderbird 31.5.0 (February 25th, 2015)

  • Security fixes:
  • 2015-24 Reading of local files through manipulation of form autocomplete
  • 2015-19 Out-of-bounds read and write while rendering SVG content
  • 2015-16 Use-after-free in IndexedDB
  • 2015-12 Invoking Mozilla updater will load locally stored DLL files
  • 2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

New in Thunderbird 36.0b1 Beta (February 9th, 2015)

  • Bug 1109467 - Appear.in added to screensharing whitelist.
  • Bug 1116891 - Do fallback with RC4 cipher suites after PR_CONNECT_RESET_ERROR.
  • Bug 1029545 - Disable browser_dbg_variables-view-popup-14.js for frequent failures on all platforms.
  • Bug 1114976 - Don't try to free TextureClients if allocation failed.
  • Bug 1128521 - Don't use API 17+ method in search activity.
  • Bug 1128179 - Avoiding crash when appending data after decoder initialization failed.
  • Bug 1127557 - Invalid preference type getting/setting loop.ot.guid.
  • Bug 1126490 - Part 1: Recover when catastrophic circumstances cause us to lose frames in RasterImage.
  • Bug 1126490 - Part 2: Recover from loss of surfaces in VectorImage.
  • Bug 1129567: Revert page-mod to a non-e10s compliant version to fix jank when loading amazon.com.
  • Bug 1124563 - Fixup base shape table after moving GC.
  • Bug 1115153 - Loop: Create API to allow web to retrieve the loop.gettingStarted.seen pref.
  • Bug 1125764 - Allow tour pages to hide UITour annotations and menus when losing visibility.
  • Bug 1118831 - Loop: Click to add Hello icon to toolbar.

New in Thunderbird 31.4.0 (January 14th, 2015)

  • Fixed:
  • The previous issues with jp mac builds have now been fixed, and Thunderbird will no longer need to be run in 32-bit mode.
  • Installing extensions within Thunderbird no longer requires download and installing as a file
  • Security fixes:
  • 2015-04 Cookie injection through Proxy Authenticate responses
  • 2015-03 sendBeacon requests lack an Origin header
  • 2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)

New in Thunderbird 31.3.0 (December 2nd, 2014)

  • FIXED:
  • Fixes an issue where using LDAP autocomplete could end up with blank entries in the compose addressing list (Bug 1045753)
  • Fixes an issue where IRC participants were not removed from the display on leaving a channel.
  • Fixes a regression where Thunderbird wasn't respecting the skip integration option on the default client dialog.
  • SECURITY FIXES:
  • 2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
  • 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
  • 2014-88 Buffer overflow while parsing media content
  • 2014-87 Use-after-free during HTML5 parsing
  • 2014-85 XMLHttpRequest crashes with some input streams
  • 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

New in Thunderbird 34.0b1 Beta (November 11th, 2014)

  • Fixed bugs:
  • Bug 1023539: Fix occasional timeouts of TURN webrtc transports with one-way connections.
  • Bug 1069762 - Make CSP violation reports match the spec for redirects.
  • Bug 1085509 - Add telemetry for how many permanent certificate overrides users have.
  • Bug 1087104 - Set the partialInfo property for Balrog.
  • Bug 1087104 - Implement partial mar generation in make for 'mach build’.
  • Bug 1085026 - Use sha512 hashes for mar files.
  • Bug 1084163 - Remove 'make check' from automation/build.
  • Bug 1077597 - force -j1 for {pretty-}package-tests.
  • Bug 1013730 - Have mach ignore broken disk io stats.
  • Bug 1072073 - pretty-l10n-check should also be -j1.
  • Bug 978211 followup, make compare-mozconfig work on Win64 again.

New in Thunderbird 31.2.0 (October 14th, 2014)

  • FIXED:
  • Fixed a case where having a contact and card in an address book with the same name could send to the mailing list (Bug 1008718)
  • Security fix:
  • MFSA 2014-73: RSA Signature Forgery in NSS

New in Thunderbird 31.1.2 (September 25th, 2014)

  • FIXED: Fixed an issue where anchor links would not work in HTML emails (Bug 974857)
  • Security fixes:
  • MFSA 2014-73: RSA Signature Forgery in NSS

New in Thunderbird 33.0b1 Beta (September 20th, 2014)

  • Bug 996753 - Workaround for Fx33 not having AppConstants.
  • Bug 1067088 - Use aBorderArea when not skipping any sides (e.g. ::first-letter), not the joined border area.
  • Bug 1063052 - In case a user ends up with unpacked chrome, on update use omni.ja again by removing chrome.manifest.
  • Bug 1000338 - nsICacheEntry.lastModified not properly implemented.
  • Bug 1057247 - Increase favicon refetch time to four hours.
  • Bug 1060888 - Autocomplete drop down list item should not be copied to the search fields when mouse over the list item.
  • Bug 1066794 - Make the search suggestions popup on about:home/about:newtab more consistent with the main search bar's popup.
  • Bug 1039028 - Show license info for OpenH264 plugin.
  • Bug 1063896 - Loop over all url list, not just ones with metadata.
  • Bug 1066190 - Ensure that pinning checks are done for otherwise overridable errors.
  • Bug 1066726 - Concurrent HTTP cache read and write issues.
  • Bug 1065478 - POSTs are coming from offline application cache.
  • Bug 1058813 - Add telemetry probe for clicking sync preference.
  • Bug 1063128 - Make sure all preferences have keys.
  • Bug 996753 - Telemetry probes for changing settings and hitting back.

New in Thunderbird 31.1.1 (September 11th, 2014)

  • What’s New:
  • FIXED: Fixed an issue where mailing lists with spaces in their names couldn't be auto-completed (Bug 1060901)
  • FIXED: Fixed an occasional start-up crash (Bug 1005336)

New in Thunderbird 31.1.0 (September 3rd, 2014)

  • Fixed:
  • MFSA 2014-72 Use-after-free setting text directionality
  • MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
  • MFSA 2014-69 Uninitialized memory use during GIF rendering
  • MFSA 2014-68 Use-after-free during DOM interactions with SVG
  • MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)

New in Thunderbird 32.0b1 Beta (August 14th, 2014)

  • Bug 777574 - Skip all quickCheckAPI tests on linux/android/emulator slaves.
  • Bug 1013007: re-enable STUN throttling in mid-beta and later.
  • Bug 1046500 - Fix mediagroup parsing in feed parser.
  • Bug 1045640 - disable tls proxying bug 378637 on gecko 32.
  • Bug 995075 - Include update_filter() changes from upstream speexdsp.
  • Bug 1032255 - TPS has to exit with code != 0 in case of failures.
  • Bug 1048133 - Check key algorithms before using them for encryption/signatures.
  • Bug 997970 - Add search suggest to Amazon for en-US.

New in Thunderbird 31.0 (July 23rd, 2014)

  • NEW: Auto-completing email addresses now matches against any part of the name or email (bug 529584)
  • NEW: Composing a mail to a newsgroup will now autocomplete newsgroup names (bug 61491)
  • FIXED: Insecure NTLM (pre-NTLMv2) authentication disabled (see 828183)
  • FIXED VULNERABILITIES:
  • MFSA 2014-66 IFRAME sandbox same-origin access through redirect
  • MFSA 2014-65 Certificate parsing broken by non-standard character encoding
  • MFSA 2014-64 Crash in Skia library when scaling high quality images
  • MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
  • MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
  • MFSA 2014-61 Use-after-free with FireOnStateChange event
  • MFSA 2014-59 Use-after-free in DirectWrite font handling
  • MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
  • MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
  • MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

New in Thunderbird 31.0b3 Beta (July 16th, 2014)

  • Bug 943269 - Minor tweak that might fix the test timeouts.
  • Bug 1023547 - Fix intermittent dom/workers/test/test_promise.html failure.
  • Bug 1028972 - Adjust Breakpad reservation for inflation.
  • Bug 1034327 - Fix memory leak when TURN client is used.
  • Bug 1037464 - Upgrade virtualenv to 1.11.6 because of installation issue [bustage fix].
  • Bug 1018383 - Added request-level caching in NetworkGeolocationProvider.js.
  • Bug 1031414 - Update LZ4.
  • Bug 877661 - Mark mask-html-01-extref-02.xhtml as random on all platforms.
  • Bug 1033703 - Pin TPS to specific versions of mozbase packages.
  • Bug 1030204 - 1/2 Name constraint ANSSI(DCISS) Root cert in mozilla::pkix.
  • Bug 1030204 - 2/2 Tests for Name constraints for ANSSI(DCISS) Root cert in psm.
  • Bug 991776 - Modify the testcase to ensure encoder will receive valid data and add logs for TrackEncoder.

New in Thunderbird 24.6.0 (June 11th, 2014)

  • Security fixes:
  • MFSA 2014-52 Use-after-free with SMIL Animation Controller
  • MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
  • MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

New in Thunderbird 30.0b1 Beta (May 10th, 2014)

  • Fixed bugs:
  • Bug 1000961 - Make DBusReplyHandler use thread-safe ref-counting.
  • Bug 969372 - Move mediaRecorder in global scope to avoid test timeout.
  • Bug 998302 - Connect to about:config instead of about:credits to avoid accessing mozilla.org when the test runs.
  • Bug 997341 - Modify content/xul/document/test/bug497875-iframe.xul to not connect to mozilla.org.
  • Bug 1004152 - Delay telephony.dial for 1s in test cases.
  • Bug 994907 - imgDecoderObserver does reference counting on different threads, so should be using thread safe reference counting.
  • Bug 983490 - Disable test_browserElement_inproc_SetInputMethodActive.html and test_browserElement_oop_SetInputMethodActive.html for frequent failures.
  • Bug 975550 Handle python 2.6 when preventing invalid utf-8 being writting to test files.
  • Bug 1003250 - Disable automatic sync for TPS tests.
  • Bug 1006298 - TPS fails to download virtualenv due to the redirect.
  • Bug 1005504 - Fix telemetry for application reputation.
  • Bug 900954 - Expose addons.json flush to test harness.

New in Thunderbird 29.0b1 Beta (April 25th, 2014)

  • Bug 976536 - Fix JSFunction::existingScript returning NULL in some cases.
  • Bug 995995 - Set testing prefs to redirect to the test proxy server for RSS feeds.
  • Bug 996031 - Remove 455407.html crashtest.
  • Bug 996019 - Fix browser_bug435325.js to not connect to example.com.
  • Bug 996009 - Ensure that the richtext2 browserscope tests do not attempt to contact the external network.
  • Bug 997402 - both bing and yahoo params are broken.

New in Thunderbird 24.4.0 (March 19th, 2014)

  • FIXED: Several fixes to improve handling of BCC when replying to messages (bug 968270, Bug 969358)
  • Security fixes:
  • MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
  • MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
  • MFSA 2014-30 Use-after-free in TypeObject
  • MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
  • MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
  • MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
  • MFSA 2014-26 Information disclosure through polygon rendering in MathML
  • MFSA 2014-17 Out of bounds read during WAV file decoding
  • MFSA 2014-16 Files extracted during updates are not always read only
  • MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

New in Thunderbird 24.3.0 (February 5th, 2014)

  • FIXED: Improved handling of reply-to (bug 933555)
  • Security fixes:
  • MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
  • MFSA 2014-12 NSS ticket handling issues
  • MFSA 2014-09 Cross-origin information leak through web workers
  • MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
  • MFSA 2014-04 Incorrect use of discarded images by RasterImage
  • MFSA 2014-02 Clone protected content with XBL scopes
  • MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

New in Thunderbird 24.2.0 (December 11th, 2013)

  • Security fixes:
  • MFSA 2013-117: Mis-issued ANSSI/DCSSI certificate
  • MFSA 2013-116: JPEG information leak
  • MFSA 2013-115: GetElementIC typed array stubs can be generated outside observed typesets
  • MFSA 2013-114: Use-after-free in synthetic mouse movement
  • MFSA 2013-113: Trust settings for built-in roots ignored during EV certificate validation
  • MFSA 2013-111: Segmentation violation when replacing ordered list elements
  • MFSA 2013-109: Use-after-free during Table Editing
  • MFSA 2013-108: Use-after-free in event listeners
  • MFSA 2013-104: Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
  • Other Fixes:
  • Fixed an issue where long messages with multiple signatures could end up unreadable (bug 929006)
  • Fixed an issue where editing account settings was not possible in some non-standard configurations of local folder set-ups (bug 921371)

New in Thunderbird 24.1.1 (November 19th, 2013)

  • Security fix:
  • MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities

New in Thunderbird 24.1.0 (November 2nd, 2013)

  • FIXED: Fixed an issue where signatures were shown in too lighter grey making them difficult to read (bug 917906)
  • FIXED: Fixed an issue where Auto CC for reply might not work if the cc address is the same as the sending address (bug 917231)
  • Security fixes:
  • MFSA 2013-102 Use-after-free in HTML document templates
  • MFSA 2013-101 Memory corruption in workers
  • MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
  • MFSA 2013-98 Use-after-free when updating offline cache
  • MFSA 2013-97 Writing to cycle collected object during image decoding
  • MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
  • MFSA 2013-95 Access violation with XSLT and uninitialized data
  • MFSA 2013-94 Spoofing addressbar though SELECT element
  • MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

New in Thunderbird 24.0 (October 11th, 2013)

  • NEW: Message threads can now be ignored or watched
  • NEW: Emails can now be sent to IDN based email addresses
  • NEW: Zoom functionality is now available in the compose window
  • CHANGED: In the Compose window, ctrl/cmd + and ctrl/cmd - now change the zoom setting rather than the font size
  • CHANGED: In Twitter, replying to a tweet now replies to all users, just like on the Twitter website
  • FIXED: Interactions in the filter list dialogs have been improved
  • FIXED: In Chat user nicknames are now highlighted when mentioned
  • FIXED: In IRC, long messages will now be sent in multiple parts instead of being cut off
  • Various security fixes:
  • MFSA 2013-92 GC hazard with default compartments and frame chain restoration
  • MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
  • MFSA 2013-90 Memory corruption involving scrolling
  • MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
  • MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
  • MFSA 2013-85 Uninitialized data in IonMonkey
  • MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
  • MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
  • MFSA 2013-81 Use-after-free with select element
  • MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
  • MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
  • MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
  • MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

New in Thunderbird 24.0 (September 18th, 2013)

  • NEW: Message threads can now be ignored or watched
  • NEW: Emails can now be sent to IDN based email addresses
  • NEW: Zoom functionality is now available in the compose window
  • CHANGED: In the Compose window, ctrl/cmd + and ctrl/cmd - now change the zoom setting rather than the font size
  • CHANGED: In Twitter, replying to a tweet now replies to all users, just like on the Twitter website
  • FIXED: Interactions in the filter list dialogs have been improved
  • FIXED: In Chat user nicknames are now highlighted when mentioned
  • FIXED: In IRC, long messages will now be sent in multiple parts instead of being cut off
  • Various security fixes:
  • MFSA 2013-92 GC hazard with default compartments and frame chain restoration
  • MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
  • MFSA 2013-90 Memory corruption involving scrolling
  • MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
  • MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
  • MFSA 2013-85 Uninitialized data in IonMonkey
  • MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
  • MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
  • MFSA 2013-81 Use-after-free with select element
  • MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
  • MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
  • MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
  • MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

New in Thunderbird 17.0.8 (August 7th, 2013)

  • Security fixes:
  • MFSA 2013-75 Local Java applets may read contents of local file system
  • MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
  • MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
  • MFSA 2013-71 Further Privilege escalation through Mozilla Updater
  • MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
  • MFSA 2013-68 Document URI misrepresentation and masquerading
  • MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
  • MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

New in Thunderbird 17.0.7 (August 6th, 2013)

  • MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
  • MFSA 2013-56 PreserveWrapper has inconsistent behavior
  • MFSA 2013-55 SVG filters can lead to information disclosure
  • MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
  • MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
  • MFSA 2013-51 Privileged content access and execution via XBL
  • MFSA 2013-50 Memory corruption found using Address Sanitizer
  • MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

New in Thunderbird 17.0.6 (August 6th, 2013)

  • MFSA 2013-48 Memory corruption found using Address Sanitizer
  • MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
  • MFSA 2013-46 Use-after-free with video and onresize event
  • MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
  • MFSA 2013-42 Privileged access for content level constructor
  • MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

New in Thunderbird 17.0.5 (August 6th, 2013)

  • MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
  • MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
  • MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
  • MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
  • MFSA 2013-34 Privilege escalation through Mozilla Updater
  • MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
  • MFSA 2013-31 Out-of-bounds write in Cairo library
  • MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

New in Thunderbird 17.0.4 (March 11th, 2013)

  • Security fixes:
  • MFSA 2013-29: Use-after-free in HTML Editor

New in Thunderbird 17.0.3 (February 20th, 2013)

  • MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
  • MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
  • MFSA 2013-26 Use-after-free in nsImageLoadingContent
  • MFSA 2013-25 Privacy leak in JavaScript Workers
  • MFSA 2013-24 Web content bypass of COW and SOW security wrappers
  • MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
  • MFSA 2013-22 Out-of-bounds read in image rendering
  • MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
  • FIXED - Attachments sometimes could not be removed from the composition window using the keyboard, this is now fixed

New in Thunderbird 17.0.2 (January 9th, 2013)

  • FIXED: Pressing the 'x' button on Windows now closes only one window rather than the whole application (805185)
  • FIXED: An issue that caused occasional corruption in local folders after filtering is now fixed (815012)
  • FIXED: An issue that caused deletion of drafts saved in IMAP folders whilst in offline mode is now fixed (805626)
  • Security fixes:
  • MFSA 2013-20 Mis-issued TURKTRUST certificates
  • MFSA 2013-19 Use-after-free in Javascript Proxy objects
  • MFSA 2013-18 Use-after-free in Vibrate
  • MFSA 2013-17 Use-after-free in ListenerManager
  • MFSA 2013-16 Use-after-free in serializeToStream
  • MFSA 2013-15 Privilege escalation through plugin objects
  • MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
  • MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
  • MFSA 2013-12 Buffer overflow in Javascript string concatenation
  • MFSA 2013-11 Address space layout leaked in XBL objects
  • MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
  • MFSA 2013-09 Compartment mismatch with quickstubs returned values
  • MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
  • MFSA 2013-07 Crash due to handling of SSL on threads
  • MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
  • MFSA 2013-04 URL spoofing in addressbar during page loads
  • MFSA 2013-03 Buffer Overflow in Canvas
  • MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
  • MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)

New in Thunderbird 16.0.1 (October 12th, 2012)

  • Added box.com to the list of online storage services that are available for use with Thunderbird Filelink
  • Silent, background updates. Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up.
  • Various fixes and performance improvements
  • Various security fixes

New in Thunderbird 16.0 (October 10th, 2012)

  • NEW: We have now added box.com to the list of online storage services that are available for use with Thunderbird Filelink
  • NEW: Silent, background updates. Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up.
  • FIXED: Various fixes and performance improvements
  • FIXED: Various security fixes

New in Thunderbird 13.0.1 (June 15th, 2012)

  • FIXED: YouSendIt no longer expires Filelinks after 1 week
  • FIXED: The prompt given when a password had changed sometimes referred to a network error rather than a change of password
  • FIXED: Miscellaneous other stability and display updates

New in Thunderbird 13.0 (June 6th, 2012)

  • NEW:
  • Filelink: Upload your files to an online storage service and send links to your friends, avoiding bounce back due to large attachments. We have partnered with YouSendIt to bring this feature, but additional partners will be added in the near future.
  • NEW:
  • In partnership with Gandi and Hover, you can now sign up for a personalized email address from within Thunderbird. Along with your new email address, Thunderbird will be automatically set up and ready to send and receive messages. We are working with additional suppliers to cover more areas of the world and to provide more options in the future.
  • FIXED:
  • Various security fixes

New in Thunderbird 12.0.1 (April 30th, 2012)

  • Fix various issues relating to new mail notifications and filtering on POP3 based accounts
  • Fixes an occasional startup crash seen in TB 12.0
  • Fixes an issue with corrupted message bodies when using movemail

New in Thunderbird 12.0 Final (April 24th, 2012)

  • NEW - Global Search results now include message extracts in the results
  • FIXED - Various security fixes
  • FIXED - Various improvements to RSS feed subscription and general feed handling
  • DEVELPER - Thunderbird now supports add-ons that provide different types of local mail storage

New in Thunderbird 11.0.1 (March 28th, 2012)

  • Fixed bug in D2D blocklisting check
  • Fixed hang in imap retry url

New in Thunderbird 11.0 (March 14th, 2012)

  • NEW: New user interface with Tabs above the main menu bar to facilitate navigation and make it more contextual
  • FIXED: Thunderbird notifications may not work properly with Growl 1.3 or later (691662)
  • FIXED: Fixes a crash seen during importing of Microsoft Outlook profiles (723105)

New in Thunderbird 10.0.2 (February 17th, 2012)

  • Fix a security issue.

New in Thunderbird 10.0.1 (February 13th, 2012)

  • Several fixes to improve stability.
  • Fixed a security issue: MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings.

New in Thunderbird 10.0 (January 31st, 2012)

  • New ability to search the Web
  • Improvements to email search
  • Several fixes when drafting email
  • and several other platform fixes

New in Thunderbird 9.0 Beta 3 (December 1st, 2011)

  • Added an opt-in system for users to send performance data back to Mozilla to improve future versions of Thunderbird
  • Better keyboard handling for attachments
  • Several user interface fixes and improvements
  • and numerous other platform fixes

New in Thunderbird 8.0b1 Beta (October 5th, 2011)

  • Add-ons installed by third party programs are now disabled by default
  • Added a one-time add-on selection dialog to manage previously installed add-ons
  • Improved accessibilty of the attachment lists
  • Several user interface fixes and improvements
  • and numerous other platform fixes

New in Thunderbird 7.0.1 (October 1st, 2011)

  • Fixed a rare issue where some users could find one or more of their add-ons hidden after a Thunderbird update (see the blog post)

New in Thunderbird 7.0 (September 28th, 2011)

  • Thunderbird is based on the new Mozilla Gecko 7 engine
  • Several user interface fixes and improvements
  • Several fixes to attachment handling
  • Ability to print a summary of selected email messages
  • Platform improvements to Address Book
  • Fixed several security issues
  • Numerous platform fixes that improve speed, performance and stability

New in Thunderbird 6.0.1 (August 31st, 2011)

  • Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance

New in Thunderbird 5.0 (June 28th, 2011)

  • More responsive and faster to start up and use
  • Thunderbird is based on the new Mozilla Gecko 5 engine
  • New Add-ons Manager
  • Revised account creation wizard to improve email setup
  • New Troubleshooting Information page
  • Tabs can now be reordered and dragged to different windows
  • Attachment sizes now displayed along with attachments
  • Plugins can now be loaded in RSS feeds by default
  • There are several theme fixes for Windows Vista and Windows 7
  • Support for Mac 32/64 bit Universal builds (Thunderbird no longer supports PowerPC on Mac)
  • Over 390 platform fixes that improve speed, performance, stability and security

New in Thunderbird 3.1.11 (June 22nd, 2011)

  • Several fixes to improve performance, stability and security

New in Thunderbird 5.0 Beta 1 (June 3rd, 2011)

  • Notable changes in Thunderbird Beta include: a new Addons Manager and Extension management API, Tab enhancements, revised account creation wizard to improve email setup, new troubleshooting infromation page, and several user interface fixes and improvements.
  • New Addons Manager and extension management API (user interface will be changed before final release)
  • Tabs can now be reordered and dragged to different windows
  • Revised account creation wizard, offering improved set-up
  • Attachment sizes now displayed along with attachments
  • New troubleshooting information page to aid supporting and diagnosing problems in Thunderbird
  • Plugins can now be loaded in RSS feeds by default
  • Various other user interface fixes and improvements
  • Support for Mac 32/64 bit Universal builds (Thunderbird Beta will no longer support PowerPC on Mac)
  • and numerous other bug fixes

New in Thunderbird 3.3 Alpha 2 Miramar (January 21st, 2011)

  • Notable changes in Miramar Alpha 2 from Miramar Alpha 1
  • New Troubleshooting information page to aid supporting and diagnosing problems in Thunderbird
  • Notifications of add-on installation progress and issues now work correctly
  • Attachment reminder now works again
  • Attachment sizes are now available in the compose window
  • and numerous other bug fixes
  • Notable changes in Miramar Alpha 2 when compared to Thunderbird 3.1
  • New Addons Manager and extension management API (user interface will be changed before final release)
  • Attachment sizes now displayed along with attachments
  • Several user interface fixes for Windows Vista/Windows 7
  • Support for Mac 32/64 bit Universal builds ( will no longer support PowerPC on Mac)
  • Over 280 platform fixes to improve performance and stability

New in Thunderbird 3.1.7 / 3.0.11 (December 10th, 2010)

  • MFSA 2010-78 Add support for OTS font sanitizer
  • MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
  • MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

New in Thunderbird 3.3 Alpha 1 Miramar (November 24th, 2010)

  • New Addons Manager and extension management API (user interface will be changed before final release).
  • Attachment sizes now displayed along with attachments.
  • Several user interface fixes for Windows Vista/Windows 7.
  • Support for Mac 32/64 bit Universal builds (Miramar Alpha 1 will no longer support PowerPC on Mac).
  • Over 190 platform fixes to improve performance and stability.

New in Thunderbird 3.1.6 (October 28th, 2010)

  • Fixes a critical security issue that could potentially allow remote code execution. This issue does not affect email or newsgroups but could be triggered through browser-like features or add-ons.

New in Thunderbird 3.1.5 (October 21st, 2010)

  • MFSA 2010-72 Insecure Diffie-Hellman key exchange
  • MFSA 2010-71 Unsafe library loading vulnerabilities
  • MFSA 2010-70 SSL wildcard certificate matching IP addresses
  • MFSA 2010-69 Cross-site information disclosure via modal calls
  • MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
  • MFSA 2010-66 Use-after-free error in nsBarProp
  • MFSA 2010-65 Buffer overflow and memory corruption using document.write
  • MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
  • Several fixes to improve the user interface and add-ons experience.

New in Thunderbird 3.0.9 (October 21st, 2010)

  • New Search with Advanced Filtering Tools:
  • New Search with Advanced Filtering Tools: Search results now include advanced filtering tools. You have the option to filter your results by sender, tag, attachments, people, folder, and mailing list. You can also filter your email using the timeline tool.
  • New Global Search Field with Autocomplete: When typing in the Global Search field, Thunderbird autocompletes against your address book. You have the option of searching everywhere or filtering against different parts of the email such as by subject or by sender.
  • User Experience Improvements:
  • New Mail Account Setup Wizard: The new Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Redesigned Mail Toolbar: The Mail Toolbar is redesigned to include the new Global Search bar. Buttons such as reply, forward, delete, junk are part of each email message. You can add those buttons back to the main toolbar by customizing the toolbar.
  • Tabbed Email Messages: Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • Smart Folders: The folder pane offers a Smart Folders mode which combines special mailboxes, like Inbox, from multiple accounts. Smart Folders is now on by default.
  • New Message Summary View: Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings: The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Message Archive: You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager: The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • New Add-ons Manager: The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins.
  • Improved Address Book: If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays. You can also add a photo for contacts in your address book.
  • Improved Gmail Integration: Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.
  • For Windows Vista users, Thunderbird 3 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 is now integrated with Spotlight, can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance Improvements:
  • IMAP Folder Synchronization: Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / 'Synchronize & Storage'.

New in Thunderbird 3.1.3 (September 8th, 2010)

  • Several fixes to improve stability and security, see the Security Advisory.
  • Several fixes to improve stability.
  • Several fixes to the user interface.

New in Thunderbird 3.1.2 (August 6th, 2010)

  • Several fixes to improve stability.
  • Several fixes to the user interface.

New in Thunderbird 3.1 (June 25th, 2010)

  • Faster Search Results and Quick Filter Toolbar:
  • Faster Search Results:
  • Message indexing is faster and provides users with faster search results.
  • Quick Filter Toolbar:
  • New Quick Filter Toolbar lets you filter against search terms, tags, starred messages, address book contacts, new emails, and attachments.
  • User Experience Improvements:
  • New Migration Assistant:
  • The new Migration Assistant gives Thunderbird 2 users a way to choose the new features in Thunderbird 3.1 or to keep their current features and settings.
  • Saved Files Manager:
  • New Saved Files Manager displays all the files you downloaded from your email to your computer.
  • Mail Account Setup Wizard:
  • Hundreds of ISP settings have been added to make setting up Thunderbird easier. The Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Performance Improvements:
  • Improvements to Stability, Memory, and Password Handling

New in Thunderbird 3.0.5 (June 18th, 2010)

  • This release improves the performance of indexing messages and accessing profiles stored on a network.
  • This release also improves the unread email notification on Mac OS X.
  • Several fixes to the user interface.

New in Thunderbird 3.1 RC2 (June 9th, 2010)

  • Faster Search Results and Quick Filter Toolbar:
  • Faster Search Results - Message indexing is faster and provides users with faster search results.
  • Quick Filter Toolbar - New Quick Filter Toolbar lets you filter against search terms, tags, starred messages, address book contacts, new emails, and attachments.
  • User Experience Improvements:
  • New Migration Assistant - The new Migration Assistant gives Thunderbird 2 users a way to choose the new features in Thunderbird 3.1 or to keep their current features and settings.
  • Saved Files Manager - New Saved Files Manager displays all the files you downloaded from your email to your computer.
  • Mail Account Setup Wizard - Hundreds of ISP settings have been added to make setting up Thunderbird easier. The Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Performance Improvements:
  • Improvements to Stability, Memory, and Password Handling

New in Thunderbird 3.1 RC1 (May 27th, 2010)

  • Faster Search Results and Quick Filter Toolbar:
  • Faster Search Results: Message indexing is faster and provides users with faster search results.
  • Quick Filter Toolbar: New Quick Filter Toolbar lets you filter against search terms, tags, starred messages, address book contacts, new emails, and attachments.
  • User Experience Improvements:
  • New Migration Assistant: The new Migration Assistant gives Thunderbird 2 users a way to choose the new features in Thunderbird 3.1 or to keep their current features and settings.
  • Saved Files Manager: New Saved Files Manager displays all the files you downloaded from your email to your computer.
  • Mail Account Setup Wizard: Hundreds of ISP settings have been added to make setting up Thunderbird easier. The Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Performance Improvements:
  • Improvements to Stability, Memory, and Password Handling

New in Thunderbird 3.1 Beta 2 (May 6th, 2010)

  • New quick filter toolbar.
  • New migration assistant.
  • Improved support for Personas.
  • Several fixes to improve upgrading from Thunderbird 2.
  • Several design improvements and corrections to the interface.
  • Stability and memory improvements.

New in Thunderbird 3.0.3 (March 1st, 2010)

  • Fix for missing folders or empty folder pane after updating to Thunderbird 3.0.2

New in Thunderbird 3.1 Alpha 1 (February 3rd, 2010)

  • Several improvements to IMAP.
  • Several fixes for Smart Folders, message filters, and attachment handling.
  • Several design improvements and corrections to the interface.
  • Download Manager is now accessible as a menu item (Tools > Saved Files).
  • Stability and memory improvements.

New in Thunderbird 3.0.1 (January 21st, 2010)

  • Several fixes to improve stability and security.
  • Several fixes to the user interface and attachment handling.

New in Thunderbird 3.0.0 (January 20th, 2010)

  • New Search with Advanced Filtering Tools:
  • New Search with Advanced Filtering Tools - Search results now include advanced filtering tools. You have the option to filter your results by sender, tag, attachments, people, folder, and mailing list. You can also filter your email using the timeline tool.
  • New Global Search Field with Autocomplete - When typing in the Global Search field, Thunderbird autocompletes against your address book. You have the option of searching everywhere or filtering against different parts of the email such as by subject or by sender.
  • User Experience Improvements:
  • New Mail Account Setup Wizard - The new Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Redesigned Mail Toolbar - The Mail Toolbar is redesigned to include the new Global Search bar. Buttons such as reply, forward, delete, junk are part of each email message. You can add those buttons back to the main toolbar by customizing the toolbar.
  • Tabbed Email Messages - Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • Smart Folders - The folder pane offers a Smart Folders mode which combines special mailboxes, like Inbox, from multiple accounts. Smart Folders is now on by default.
  • New Message Summary View - Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings - The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Message Archive - You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager - The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • New Add-ons Manager - The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins. Note that few Add-ons are compatible with this beta at the time of release, as Add-on developers need to upgrade them.
  • Improved Address Book - If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays. You can also add a photo for contacts in your address book.
  • Improved Gmail Integration - Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.
  • For Windows Vista users, Thunderbird 3 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 is now integrated with Spotlight, can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance Improvements:
  • IMAP Folder Synchronization - Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / 'Synchronize & Storage'.

New in Thunderbird 3.0.0 RC2 (December 2nd, 2009)

  • New Search with Advanced Filtering Tools:
  • New Search with Advanced Filtering Tools - Search results now include advanced filtering tools. You have the option to filter your results by sender, tag, attachments, people, folder, and mailing list. You can also filter your email using the timeline tool.
  • New Global Search Field with Autocomplete - When typing in the Global Search field, Thunderbird autocompletes against your address book. You have the option of searching everywhere or filtering against different parts of the email such as by subject or by sender.
  • User Experience Improvements:
  • New Mail Account Setup Wizard - The new Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Redesigned Mail Toolbar - The Mail Toolbar is redesigned to include the new Global Search bar. Buttons such as reply, forward, delete, junk are part of each email message. You can add those buttons back to the main toolbar by customizing the toolbar.
  • Tabbed Email Messages - Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • Smart Folders - The folder pane offers a Smart Folders mode which combines special mailboxes, like Inbox, from multiple accounts. Smart Folders is now on by default.
  • New Message Summary View - Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings - The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Message Archive - You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager - The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • New Add-ons Manager - The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins. Note that few Add-ons are compatible with this beta at the time of release, as Add-on developers need to upgrade them.
  • Improved Address Book - If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays. You can also add a photo for contacts in your address book.
  • Improved Gmail Integration - Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.
  • For Windows Vista users, Thunderbird 3 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 is now integrated with Spotlight, can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance Improvements:
  • IMAP Folder Synchronization - Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / 'Synchronize & Storage'.

New in Thunderbird 3.0.0 RC1 (November 25th, 2009)

  • New Search with Advanced Filtering Tools:
  • Search results now include advanced filtering tools. You have the option to filter your results by sender, tag, attachments, people, folder, and mailing list. You can also filter your email using the timeline tool.
  • New Global Search Field with Autocomplete
  • When typing in the Global Search field, Thunderbird autocompletes against your address book. You have the option of searching everywhere or filtering against different parts of the email such as by subject or by sender.
  • User Experience Improvements:
  • New Mail Account Setup Wizard - The new Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Redesigned Mail Toolbar - The Mail Toolbar is redesigned to include the new Global Search bar. Buttons such as reply, forward, delete, junk are part of each email message. You can add those buttons back to the main toolbar by customizing the toolbar.
  • Tabbed Email Messages - Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • Smart Folders - The folder pane offers a Smart Folders mode which combines special mailboxes, like Inbox, from multiple accounts. Smart Folders is now on by default.
  • New Message Summary View - Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings - The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Message Archive - You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager - The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • New Add-ons Manager - The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins. Note that few Add-ons are compatible with this beta at the time of release, as Add-on developers need to upgrade them.
  • Improved Address Book - If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays. You can also add a photo for contacts in your address book.
  • Improved Gmail Integration - Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.
  • For Windows Vista users, Thunderbird 3 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 is now integrated with Spotlight, can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance Improvements:
  • IMAP Folder Synchronization - Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / 'Synchronize & Storage'.

New in Thunderbird 2.0.0.23 (August 24th, 2009)

  • Compromise of SSL-protected communication.

New in Thunderbird 3.0.0 Beta 3 (July 23rd, 2009)

  • Thunderbird 3 Beta 3 is based on the Gecko 1.9.1.1 platform including some major re-architecting to provide improved performance, stability, web compatibility, and code simplification and sustainability.
  • There are over 500 changes in this release, many laying the groundwork for future changes.
  • Developer Improvements:
  • Thread Pane and Tab Refactoring: See Thread Pane UI refactoring discussion for additional details.
  • Fixes For Extension Developers: See Thunderbird Extensions and Thunderbird HowTos for developer documentation.
  • User Experience Improvements:
  • Tabbed Email Messages: Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • New Message Summary View: Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings: The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Smart Folders: The folder pane offers a Smart Folders mode which combines special mailboxes (e.g. Inbox) from multiple accounts together.
  • Improved Gmail Integration: Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.

New in Thunderbird 2.0.0.22 (June 23rd, 2009)

  • Crash viewing multipart/alternative message with text/enhanced part.
  • JavaScript chrome privilege escalation.
  • Arbitrary code execution using event listeners attached to an element whose owner document is null.
  • Tampering via non-200 responses to proxy CONNECT requests.
  • Crashes with evidence of memory corruption (rv:1.9.0.11).
  • Same-origin violations when Adobe Flash loaded via view-source: scheme.
  • Crashes with evidence of memory corruption (rv:1.9.0.9).

New in Thunderbird 3.0.0 Beta 2 (February 26th, 2009)

  • User Experience Improvements:
  • Message Archive:
  • You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager:
  • The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • Performance improvements:
  • Faster Message Loading for IMAP:
  • Thunderbird will now download IMAP messages by default in the background to allow for faster message loading, and better offline operation. This feature can be enabled on an individual folder basis (via folder properties), or for all folders in an account, via Account Settings / Sync & Disk Space.

New in Thunderbird 2.0.0.19 (January 2nd, 2009)

  • XSS and JavaScript privilege escalation.
  • Escaped null characters ignored by CSS parser.
  • Errors parsing URLs with leading whitespace and control characters.
  • Cross-domain data theft via script redirect error message.
  • XMLHttpRequest 302 response disclosure.
  • Information stealing via loadBindingDocument.
  • Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19).

New in Thunderbird 3.0.0 Beta 1 (December 10th, 2008)

  • User Experience Improvements:
  • Tabbed Email: Email messages, folders, and calendars (with the Lightning extension installed) can be opened in tabs.
  • Improved Message Reader View: This is the first stage of a series of refinements to the message reading experience. The first stage brings email controls closer to the area in which the user is operating.
  • New Add-ons Manager: The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins. Note that few Add-ons are compatible with this beta at the time of release, as Add-on developers need to upgrade them.
  • Improved Address Book: If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays.
  • For Windows Vista users, Thunderbird 3 Beta 1 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 Beta 1 can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance improvements:
  • Faster Message Loading for IMAP: Thunderbird will now download IMAP messages in the background to allow for faster message loading, and better offline operation. This feature can be enabled on an individual folder basis (via folder properties), or for all folders in an account, via Account Settings / Sync & Disk Space.

New in Thunderbird 2.0.0.18 (November 20th, 2008)

  • MFSA 2008-59 Script access to .documentURI and .textContent in mail
  • MFSA 2008-58 Parsing error in E4X default namespace
  • MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  • MFSA 2008-55 Crash and remote code execution in nsFrameManager
  • MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
  • MFSA 2008-50 Crash and remote code execution via __proto__ tampering
  • MFSA 2008-48 Image stealing via canvas and HTTP redirect

New in Thunderbird 2.0.0.17 (September 26th, 2008)

  • MFSA 2008-46 Heap overflow when canceling newsgroup message
  • MFSA 2008-44 resource: traversal vulnerabilities
  • MFSA 2008-43 BOM characters stripped from JavaScript before execution
  • MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
  • MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
  • MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
  • MFSA 2008-37 UTF-8 URL stack buffer overflow

New in Thunderbird 2.0.0.16 (September 1st, 2008)

  • The following security issues have been fixed:
  • MFSA 2008-34 Remote code execution by overflowing CSS reference counter
  • MFSA 2008-33 Crash and remote code execution in block reflow
  • MFSA 2008-31 Peer-trusted certs can use alt names to spoof
  • MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
  • MFSA 2008-26 Buffer length checks in MIME processing
  • MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
  • MFSA 2008-24 Chrome script loading from fastload file
  • MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

New in Thunderbird 2.0.0.14 (May 6th, 2008)

  • Fixed security issues
  • Fix: Crashes with evidence of memory corruption (rv:1.8.1.13)
  • Fix: JavaScript privilege escalation and arbitrary code execution

New in Thunderbird 2.0.0.12 (February 27th, 2008)

  • MFSA 2008-12 Heap buffer overflow in external MIME bodies
  • MFSA 2008-07 Possible information disclosure in BMP decoder
  • MFSA 2008-05 Directory traversal via chrome: URI
  • MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
  • MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)