Thunderbird 102 released with highly anticipated features, bug fixes

Mozilla has announced the release of Thunderbird 102, highlighting it as a 'serious upgrade,' bringing new features that the community has been requesting for a while now, like refreshed GUI, viewing options, data portability enhancements, and performance upgrades.

Thunderbird is one of the world's most popular free and open-source email clients, with an estimated user base of over 25 million.

As with every point release, Thunderbird 102 also introduces several security fixes for high-impact flaws that could be exploited for spoofing attacks, DoS, and arbitrary code execution.

New features in Thunderbird 102

One of the highlighted new features in Thunderbird 102 is the new Address Book and contact layout, which gives users a clean and modernized "card-like" look for their contacts.

Also, the new Address Book supports importing contacts from Google Contacts lists or Android smartphones.

Combined with the new import/export wizard for moving data, Thunderbird 102 offers an effortless way to use the client across multiple devices.

Another important new feature is the Spaces Toolbar, which gives users a quick way to switch between Mail, Address Book, Calendar, Tasks, and Chat. The Toolbar can be adjusted to include the items the user needs most.

The message header has also been redesigned to offer users customization options like which elements to view, their size, hide labels, addresses, etc.

Finally, support for the Matrix VOIP and chat app has been added, giving Thunderbird users the ability to communicate through the decentralized protocol directly within the email client.

Security fixes

Mozilla addressed ten vulnerabilities this time, with four classified as high-impact flaws. Here's a summary of the most important squashed bugs:

CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content, potentially leading to user confusion or spoofing attacks. CVE-2022-34470: Use-after-free in nsSHistory during navigating between XML documents, causing a potentially exploitable crash. CVE-2022-34468: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. CVE-2022-34484: Memory corruption bugs in Thunderbird 102 and 91.11.

None of the above have been marked as actively exploited, but upgrading to the latest version that fixes those bugs is still important.

Finally, it's important to underline that Thunderbird 102 is a release for enthusiasts who want to try out new features and help with bug reporting.

As such, version 102 is not part of the stable branch intended to be used in environments that favor stability and reliability. For users who prioritize those traits, Mozilla released version 91.11.