A new version of the open source email client Thunderbird is available. Thunderbird 78.5.1 is a bug fix and security release. The security issue that is addressed has been rated as high, the second highest severity rating after critical.
The new version of the email client is already available. Thunderbird users should get it offered to them automatically; those who don"t want to wait can select Help > About Thunderbird in the email client to run a manual check for updates. The "About" window displays the currently installed version of Thunderbird making it easy to compare the installed version to the latest.Thunderbird 78.5.1
The development team lists one security issue that has been fixed in Thunderbird 78.5.1. It is not an issue that is actively exploited at this time.
CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable.
The official release notes list one new feature, two changes, and a good dozen fixes.
The new feature enables Thunderbird users to disable the encryption of the email subject when using the built-in OpenPGP functionality. The changes introduce support for multi-file selection and bulk importing of OpenPGP keys in the email client, and a change in the getComposeDetails function that extensions may use. The function will wait for "compose-editor-ready" events in the new version.
The following issues are corrected in Thunderbird 78.5.1:
Now You: have you installed the latest Thunderbird version?