Thunderbird Changelog

New in version 38.2.0

August 15th, 2015
  • Changed: Hardware acceleration is now disabled by default to avoid crashing Thunderbird
  • Fixed: A few bugs have been fixed to avoid crashing Thunderbird

New in version 40.0b1 Beta (July 24th, 2015)

  • Automated checkin: version bump for thunderbird 40.0b1 release.

New in version 38.1.0 (July 10th, 2015)

  • Bug Fixes:
  • Copy/Paste into plain text editor deletes newlines from quoted text (bug 1143570)
  • Cross-posts won't send because Newsgroups: groups are separated with comma+space, not just comma (bug 1151448)
  • Cannot send email through exchange server (NTLM) (bug 1174159)
  • Doesn't display GB2312 encoded texts correctly for Chinese Characters (bug 1174580)
  • OAuth2 authentication for GMail does not work when specified server is imap.gmail.com or smtp.gmail.com. (bug 1176773)
  • Security fixes:
  • 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
  • 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
  • 2015-67 Key pinning is ignored when overridable errors are encountered
  • 2015-66 Vulnerabilities found through code inspection
  • 2015-63 Use-after-free in Content Policy due to microtask execution error
  • 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

New in version 38.0.1 (June 11th, 2015)

  • NEW:
  • GMail supports OAuth2 authentication, removing the need to manually select "allow less secure applications" in Google options for the account. (bug 849540)
  • Ship Lightning calendar addon with Thunderbird and enable with an opt-out dialog (bug 1113183)
  • Filter sent messages (bug 11039)
  • Filter messages when archived (bug 479823)
  • Enable search in multiple/all address books (bug 170270)
  • Add support for Yahoo Messenger in Chat (bug 955574)
  • Support Internationalized domain name URLs for RSS feeds (Bug 1018589)
  • Show expanded columns in folder pane (bug 464973)
  • Allow file-per-message (maildir) local message storage (bug 845952)
  • Add a Learn more link to the support page in feeds subscribe dialog (bug 1053782)
  • Add reading position marker line to conversations (bug 760762)
  • The editor for twitter should show inputtable character count (bug 736002)
  • CHANGED:
  • Thunderbird will no longer use SHA-1 to sign messages (bug 1018259)
  • Removed rarely used character sets: T.61-8bit, non-encoding Mac encoders, VISCII, x-viet-tcvn5712, x-viet-vps x-johab, ARMSCII8 , map us-ascii to windows-1252, ISO-8859-6-I and -E and ISO-8859-8-E, (bug 1068505 and others.)
  • Disable CONDSTORE support for IMAP to prevent discrepancies in IMAP message status (deleted, unread) on some servers (bug 912216)
  • Make OpenSearch queries open in the user's default browser (bug 1120777)
  • Default to using SSL for XMPP and IRC. This might cause issues for self-signed certificates (bug 1122567, bug 1122666)
  • FIXED:
  • Replied/forwarded icons disappear after folder repair, detach/delete (bug 840418)
  • Attachment "Save As" files are displayed in Tools/Saved Files (bug 914517)
  • Adding unknown email addresses to Mailing list, then deleting ghost duplicate entries from contacts pane, caused dataloss in mailing list (bug 628035)
  • Web site from RSS feed was not rendered correctly (bug 662907)
  • Email address with leading/trailing whitespace displayed wrongly with added quotes when composing ["foo"@bar.com] (bug 286760)
  • Force display of Sender header if S/MIME sender is the signer (bug 332639)
  • Addressing autocomplete widget: Typed text in red despite results/matches found if suggestions change by last input (bug 1042561)
  • Status bar not accessible (bug 934875)
  • Wrong folder may be deleted when requesting junk delete (bug 1018960)
  • Severe UI stutter or freezes getting new mail for very large folders (bug 870556)
  • Automatically rejoin multi-user conversations on reconnect for XMPP (bug 1014472)
  • Various improvements when using IRC on moznet (bug 1083768 and others)
  • Significantly improve XMPP support (bug 1085022 and others)
  • Fixes for connecting to non-standard IRC networks (bug 870556 and others)
  • Automatically reclaim IRC nicks during a reconnect (bug 1087566)
  • Changing location in editor doesn't preserve the font when returning to end of text/line (bug 756984)
  • Inline spell checker loses red underlines after a backspace is used (bug 1100966)

New in version 38.0b6 Beta (May 25th, 2015)

  • Bug 1158761 - Part 1: Make CheckPluginStopEvent run asynchronously.
  • Bug 1158761 - Part 2: Update checks for plugin stop event in tests.
  • Bug 960762 - Fix intermittence of Notification mochitests.
  • Bug 978846 - Add a file to the tree to tell mozharness what arguments from try are acceptable to pass on to the harness process.
  • Bug 1149842 - Release the mutex for NS_OpenAnonymousTemporaryFile to prevent the deadlock.
  • ug 1163841 - Always call eglInitialize(), but kill the preloading hack (which was crashing before).
  • Bug 1166240 - Add pocket.svg to aero section of toolkit's windows/jar.mn.
  • Bug 1164866 - Bump mozharness.json to rev 6f91445be987.
  • ug 1151619 - Add Adjust SDK license.
  • Bug 1147487 - Don't try to reader-ize non-HTML documents.
  • Bug 1160407 - Redirect links within the Pocket panel to open in non-private windows when temporary Private Browsing is used.
  • Bug 1165416 - Update Pocket code to latest version (May 15th code drop).
  • Bug 1163917 - Remove the widget from its area if the conditionalDestroy promise is resolved truthy.
  • Bug 1165135 - Distribution directory not removed on pave over install.
  • Bug 1164426 - Build reader mode blocklist.
  • Bug 1164940 - Lazily create iframe.

New in version 31.7.0 (May 15th, 2015)

  • Security fixes:
  • 2015-57: Privilege escalation through IPC channel messages
  • 2015-54: Buffer overflow when parsing compressed XML
  • 2015-51: Use-after-free during text processing with vertical text enabled
  • 2015-48: Buffer overflow with SVG content and CSS
  • 2015-47: Buffer overflow parsing H.264 video with Linux Gstreamer
  • 2015-46: Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

New in version 38.0b4 Beta (May 2nd, 2015)

  • Bug 1159300 - Add a clone of gmp-fake that doesn't do decryption.
  • Bug 1159300 - Don't use decrypting Gecko Media Plugins for non-encrypted playback.
  • Bug 1158568 - Fix potential size overflow.
  • Bug 1156131 - mingw cross compilation fixup.
  • Bug 1154791 - Remember all ranges for all selections when splitting nodes in the editor transactions - missing files from merge conflict
  • Bug 1154791 - Remember all ranges for all selections when splitting nodes in the editor transactions;
  • Bug 756984 - Collapse the selection on the last text node on the line, skipping br and inline frames when clicking past the end of line;
  • Bug 1100966 - Remember all ranges for all selections when joining nodes in the editor transactions;
  • Bug 1155474 - Consider the input to MThrowUninitializedLexical implicitly used.
  • Backed out changeset daaa2c27b89f (bug 1155474) for bustage.
  • Bug 1149605 - Avoid potential integers overflow.
  • Bug 1155474 - Consider the input to MThrowUninitializedLexical implicitly used.
  • Bug 1154703 - Avoid using WARP if nvdxgiwrapper.dll is around.
  • Bug 1158627 - WebRTC return error if GetEmptyFrame returns null.

New in version 38.0b3 Beta (April 25th, 2015)

  • Bug 1139591 - Skip browser_timeline_overview-initial-selection-01.js on OSX debug.
  • Bug 1156560 - Prefer old CDMs on update if they are in use.
  • Bug 1156913 - Use highlighttext color also for :active menus.
  • Bug 1155684 - Part 1-3: Remove reading list sync integration.
  • Bug 1155684 - Part 0: Disable reading list sync in confvars.sh.
  • Bug 1154960 - Fennec should explicitly block the DOM SiteSpecificUserAgent.js file from packaging.
  • Bug 1152550 - Make sure that cross-global Iterator cannot be broken.
  • Bug 1152016 - Suppress fprintf(stderr)'s from jpeg in MJPEG decode.
  • Bug 1151628 - Re-enable MJPEG in libyuv (especially for getUserMedia).
  • Bug 1091155 - Don't check if 'playing' has fired for it depends on how fast decoding is which is not reliable.
  • Bug 1157702 - Re-disable Reading List for Fx 38.0.5.
  • Bug 1155083 - Properly hide reader view tablet on landscape tablets.
  • Bug 1152354 - Remove no longer needed assertion expectation.
  • Bug 1108104 - Fix rebase bustage.

New in version 38.0b2 Beta (April 17th, 2015)

  • Bug fixes:
  • Bug 1148923 - min-width the font menulists
  • Bug 1154814 - Move font rules from 'rt' to 'rtc, rt' and make text-emphasis conditional.
  • Bug 1153973 - Don't blindly apply deletions as insertions.
  • Bug 1152121 - Factor out logic to get original URL from reader URL into shared place, and handle malformed URI excpetions.
  • Bug 1141931 - Part 0: Fix unicode-bidi value of ruby elements in html.css.
  • Bug 1145981 - Do not crash when a DIB texture is updated without a compositor.
  • Bug 847903 - Skip 691096-1.html on OSX 10.6 due to intermittent crashes.
  • Bug 1120748 - Resolve intermittent failure of browser_ssl_error_reports.js.
  • Bug 1021174 - Skip test_bug495145.html on OSX 10.6 due to intermittent crashes.
  • Bug 1097721 - Skip test_mozaudiochannel.html on OSX 10.6 due to intermittent crashes.
  • Bug 1092202 - Skip testGetUserMedia for frequent failures.
  • Bug 1150862, make about:reader unlinkable from content on desktop.
  • Bug 1150703 - Allow about: pages to be unlinkable even if "safe for content”.
  • Bug 1154447 - add aero asset for update badge.
  • Bug 1148071 - Fix CDM update behavior.

New in version 31.6.0 (April 1st, 2015)

  • Security fixes:
  • 2015-40 Same-origin bypass through anchor navigation
  • 2015-37 CORS requests should not follow 30x redirections after preflight
  • 2015-33 resource:// documents can load privileged pages
  • 2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
  • 2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)

New in version 37.0b1 Beta (March 11th, 2015)

  • Bug fixes:
  • Bug 1121417 - Change hiddenOneOffs pref to use unichar type.
  • Bug 1106926 - Ensure that removing a hidden one click search provider also removes it from the browser.search.hiddenOneOffs pref
  • Bug 453969 - Fix the race in test_bug382113.html so we don't set our child-onload-fired boolean to false _after_ the child onload has already fired.
  • Bug 949971 - Set longer timeout for test_input_typing_sanitization.html.
  • Bug 1130150 - mSources update.
  • Bug 1133634 - Fix CanPlayType in GStreamer backend.
  • Bug 981869 - Blacklist crashy flump3dec gstreamer plugin.
  • Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching.
  • Bug 1051556 - Simplify GeckoEditable exception messages.
  • Bug 1136533 - Remove about:media page.
  • Bug 1140638 - Disable CSP referrer directive.

New in version 31.5.0 (February 25th, 2015)

  • Security fixes:
  • 2015-24 Reading of local files through manipulation of form autocomplete
  • 2015-19 Out-of-bounds read and write while rendering SVG content
  • 2015-16 Use-after-free in IndexedDB
  • 2015-12 Invoking Mozilla updater will load locally stored DLL files
  • 2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

New in version 36.0b1 Beta (February 9th, 2015)

  • Bug 1109467 - Appear.in added to screensharing whitelist.
  • Bug 1116891 - Do fallback with RC4 cipher suites after PR_CONNECT_RESET_ERROR.
  • Bug 1029545 - Disable browser_dbg_variables-view-popup-14.js for frequent failures on all platforms.
  • Bug 1114976 - Don't try to free TextureClients if allocation failed.
  • Bug 1128521 - Don't use API 17+ method in search activity.
  • Bug 1128179 - Avoiding crash when appending data after decoder initialization failed.
  • Bug 1127557 - Invalid preference type getting/setting loop.ot.guid.
  • Bug 1126490 - Part 1: Recover when catastrophic circumstances cause us to lose frames in RasterImage.
  • Bug 1126490 - Part 2: Recover from loss of surfaces in VectorImage.
  • Bug 1129567: Revert page-mod to a non-e10s compliant version to fix jank when loading amazon.com.
  • Bug 1124563 - Fixup base shape table after moving GC.
  • Bug 1115153 - Loop: Create API to allow web to retrieve the loop.gettingStarted.seen pref.
  • Bug 1125764 - Allow tour pages to hide UITour annotations and menus when losing visibility.
  • Bug 1118831 - Loop: Click to add Hello icon to toolbar.

New in version 31.4.0 (January 14th, 2015)

  • Fixed:
  • The previous issues with jp mac builds have now been fixed, and Thunderbird will no longer need to be run in 32-bit mode.
  • Installing extensions within Thunderbird no longer requires download and installing as a file
  • Security fixes:
  • 2015-04 Cookie injection through Proxy Authenticate responses
  • 2015-03 sendBeacon requests lack an Origin header
  • 2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)

New in version 31.3.0 (December 2nd, 2014)

  • FIXED:
  • Fixes an issue where using LDAP autocomplete could end up with blank entries in the compose addressing list (Bug 1045753)
  • Fixes an issue where IRC participants were not removed from the display on leaving a channel.
  • Fixes a regression where Thunderbird wasn't respecting the skip integration option on the default client dialog.
  • SECURITY FIXES:
  • 2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
  • 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
  • 2014-88 Buffer overflow while parsing media content
  • 2014-87 Use-after-free during HTML5 parsing
  • 2014-85 XMLHttpRequest crashes with some input streams
  • 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

New in version 34.0b1 Beta (November 11th, 2014)

  • Fixed bugs:
  • Bug 1023539: Fix occasional timeouts of TURN webrtc transports with one-way connections.
  • Bug 1069762 - Make CSP violation reports match the spec for redirects.
  • Bug 1085509 - Add telemetry for how many permanent certificate overrides users have.
  • Bug 1087104 - Set the partialInfo property for Balrog.
  • Bug 1087104 - Implement partial mar generation in make for 'mach build’.
  • Bug 1085026 - Use sha512 hashes for mar files.
  • Bug 1084163 - Remove 'make check' from automation/build.
  • Bug 1077597 - force -j1 for {pretty-}package-tests.
  • Bug 1013730 - Have mach ignore broken disk io stats.
  • Bug 1072073 - pretty-l10n-check should also be -j1.
  • Bug 978211 followup, make compare-mozconfig work on Win64 again.

New in version 31.2.0 (October 14th, 2014)

  • FIXED:
  • Fixed a case where having a contact and card in an address book with the same name could send to the mailing list (Bug 1008718)
  • Security fix:
  • MFSA 2014-73: RSA Signature Forgery in NSS

New in version 31.1.2 (September 25th, 2014)

  • FIXED: Fixed an issue where anchor links would not work in HTML emails (Bug 974857)
  • Security fixes:
  • MFSA 2014-73: RSA Signature Forgery in NSS

New in version 33.0b1 Beta (September 20th, 2014)

  • Bug 996753 - Workaround for Fx33 not having AppConstants.
  • Bug 1067088 - Use aBorderArea when not skipping any sides (e.g. ::first-letter), not the joined border area.
  • Bug 1063052 - In case a user ends up with unpacked chrome, on update use omni.ja again by removing chrome.manifest.
  • Bug 1000338 - nsICacheEntry.lastModified not properly implemented.
  • Bug 1057247 - Increase favicon refetch time to four hours.
  • Bug 1060888 - Autocomplete drop down list item should not be copied to the search fields when mouse over the list item.
  • Bug 1066794 - Make the search suggestions popup on about:home/about:newtab more consistent with the main search bar's popup.
  • Bug 1039028 - Show license info for OpenH264 plugin.
  • Bug 1063896 - Loop over all url list, not just ones with metadata.
  • Bug 1066190 - Ensure that pinning checks are done for otherwise overridable errors.
  • Bug 1066726 - Concurrent HTTP cache read and write issues.
  • Bug 1065478 - POSTs are coming from offline application cache.
  • Bug 1058813 - Add telemetry probe for clicking sync preference.
  • Bug 1063128 - Make sure all preferences have keys.
  • Bug 996753 - Telemetry probes for changing settings and hitting back.

New in version 31.1.1 (September 11th, 2014)

  • What’s New:
  • FIXED: Fixed an issue where mailing lists with spaces in their names couldn't be auto-completed (Bug 1060901)
  • FIXED: Fixed an occasional start-up crash (Bug 1005336)

New in version 31.1.0 (September 3rd, 2014)

  • Fixed:
  • MFSA 2014-72 Use-after-free setting text directionality
  • MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
  • MFSA 2014-69 Uninitialized memory use during GIF rendering
  • MFSA 2014-68 Use-after-free during DOM interactions with SVG
  • MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)

New in version 32.0b1 Beta (August 14th, 2014)

  • Bug 777574 - Skip all quickCheckAPI tests on linux/android/emulator slaves.
  • Bug 1013007: re-enable STUN throttling in mid-beta and later.
  • Bug 1046500 - Fix mediagroup parsing in feed parser.
  • Bug 1045640 - disable tls proxying bug 378637 on gecko 32.
  • Bug 995075 - Include update_filter() changes from upstream speexdsp.
  • Bug 1032255 - TPS has to exit with code != 0 in case of failures.
  • Bug 1048133 - Check key algorithms before using them for encryption/signatures.
  • Bug 997970 - Add search suggest to Amazon for en-US.

New in version 31.0 (July 23rd, 2014)

  • NEW: Auto-completing email addresses now matches against any part of the name or email (bug 529584)
  • NEW: Composing a mail to a newsgroup will now autocomplete newsgroup names (bug 61491)
  • FIXED: Insecure NTLM (pre-NTLMv2) authentication disabled (see 828183)
  • FIXED VULNERABILITIES:
  • MFSA 2014-66 IFRAME sandbox same-origin access through redirect
  • MFSA 2014-65 Certificate parsing broken by non-standard character encoding
  • MFSA 2014-64 Crash in Skia library when scaling high quality images
  • MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
  • MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
  • MFSA 2014-61 Use-after-free with FireOnStateChange event
  • MFSA 2014-59 Use-after-free in DirectWrite font handling
  • MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
  • MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
  • MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

New in version 31.0b3 Beta (July 16th, 2014)

  • Bug 943269 - Minor tweak that might fix the test timeouts.
  • Bug 1023547 - Fix intermittent dom/workers/test/test_promise.html failure.
  • Bug 1028972 - Adjust Breakpad reservation for inflation.
  • Bug 1034327 - Fix memory leak when TURN client is used.
  • Bug 1037464 - Upgrade virtualenv to 1.11.6 because of installation issue [bustage fix].
  • Bug 1018383 - Added request-level caching in NetworkGeolocationProvider.js.
  • Bug 1031414 - Update LZ4.
  • Bug 877661 - Mark mask-html-01-extref-02.xhtml as random on all platforms.
  • Bug 1033703 - Pin TPS to specific versions of mozbase packages.
  • Bug 1030204 - 1/2 Name constraint ANSSI(DCISS) Root cert in mozilla::pkix.
  • Bug 1030204 - 2/2 Tests for Name constraints for ANSSI(DCISS) Root cert in psm.
  • Bug 991776 - Modify the testcase to ensure encoder will receive valid data and add logs for TrackEncoder.

New in version 24.6.0 (June 11th, 2014)

  • Security fixes:
  • MFSA 2014-52 Use-after-free with SMIL Animation Controller
  • MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
  • MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

New in version 30.0b1 Beta (May 10th, 2014)

  • Fixed bugs:
  • Bug 1000961 - Make DBusReplyHandler use thread-safe ref-counting.
  • Bug 969372 - Move mediaRecorder in global scope to avoid test timeout.
  • Bug 998302 - Connect to about:config instead of about:credits to avoid accessing mozilla.org when the test runs.
  • Bug 997341 - Modify content/xul/document/test/bug497875-iframe.xul to not connect to mozilla.org.
  • Bug 1004152 - Delay telephony.dial for 1s in test cases.
  • Bug 994907 - imgDecoderObserver does reference counting on different threads, so should be using thread safe reference counting.
  • Bug 983490 - Disable test_browserElement_inproc_SetInputMethodActive.html and test_browserElement_oop_SetInputMethodActive.html for frequent failures.
  • Bug 975550 Handle python 2.6 when preventing invalid utf-8 being writting to test files.
  • Bug 1003250 - Disable automatic sync for TPS tests.
  • Bug 1006298 - TPS fails to download virtualenv due to the redirect.
  • Bug 1005504 - Fix telemetry for application reputation.
  • Bug 900954 - Expose addons.json flush to test harness.

New in version 29.0b1 Beta (April 25th, 2014)

  • Bug 976536 - Fix JSFunction::existingScript returning NULL in some cases.
  • Bug 995995 - Set testing prefs to redirect to the test proxy server for RSS feeds.
  • Bug 996031 - Remove 455407.html crashtest.
  • Bug 996019 - Fix browser_bug435325.js to not connect to example.com.
  • Bug 996009 - Ensure that the richtext2 browserscope tests do not attempt to contact the external network.
  • Bug 997402 - both bing and yahoo params are broken.

New in version 24.4.0 (March 19th, 2014)

  • FIXED: Several fixes to improve handling of BCC when replying to messages (bug 968270, Bug 969358)
  • Security fixes:
  • MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
  • MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
  • MFSA 2014-30 Use-after-free in TypeObject
  • MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
  • MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
  • MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
  • MFSA 2014-26 Information disclosure through polygon rendering in MathML
  • MFSA 2014-17 Out of bounds read during WAV file decoding
  • MFSA 2014-16 Files extracted during updates are not always read only
  • MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

New in version 24.3.0 (February 5th, 2014)

  • FIXED: Improved handling of reply-to (bug 933555)
  • Security fixes:
  • MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
  • MFSA 2014-12 NSS ticket handling issues
  • MFSA 2014-09 Cross-origin information leak through web workers
  • MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
  • MFSA 2014-04 Incorrect use of discarded images by RasterImage
  • MFSA 2014-02 Clone protected content with XBL scopes
  • MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

New in version 24.2.0 (December 11th, 2013)

  • Security fixes:
  • MFSA 2013-117: Mis-issued ANSSI/DCSSI certificate
  • MFSA 2013-116: JPEG information leak
  • MFSA 2013-115: GetElementIC typed array stubs can be generated outside observed typesets
  • MFSA 2013-114: Use-after-free in synthetic mouse movement
  • MFSA 2013-113: Trust settings for built-in roots ignored during EV certificate validation
  • MFSA 2013-111: Segmentation violation when replacing ordered list elements
  • MFSA 2013-109: Use-after-free during Table Editing
  • MFSA 2013-108: Use-after-free in event listeners
  • MFSA 2013-104: Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
  • Other Fixes:
  • Fixed an issue where long messages with multiple signatures could end up unreadable (bug 929006)
  • Fixed an issue where editing account settings was not possible in some non-standard configurations of local folder set-ups (bug 921371)

New in version 24.1.1 (November 19th, 2013)

  • Security fix:
  • MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities

New in version 24.1.0 (November 2nd, 2013)

  • FIXED: Fixed an issue where signatures were shown in too lighter grey making them difficult to read (bug 917906)
  • FIXED: Fixed an issue where Auto CC for reply might not work if the cc address is the same as the sending address (bug 917231)
  • Security fixes:
  • MFSA 2013-102 Use-after-free in HTML document templates
  • MFSA 2013-101 Memory corruption in workers
  • MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
  • MFSA 2013-98 Use-after-free when updating offline cache
  • MFSA 2013-97 Writing to cycle collected object during image decoding
  • MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
  • MFSA 2013-95 Access violation with XSLT and uninitialized data
  • MFSA 2013-94 Spoofing addressbar though SELECT element
  • MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

New in version 24.0 (October 11th, 2013)

  • NEW: Message threads can now be ignored or watched
  • NEW: Emails can now be sent to IDN based email addresses
  • NEW: Zoom functionality is now available in the compose window
  • CHANGED: In the Compose window, ctrl/cmd + and ctrl/cmd - now change the zoom setting rather than the font size
  • CHANGED: In Twitter, replying to a tweet now replies to all users, just like on the Twitter website
  • FIXED: Interactions in the filter list dialogs have been improved
  • FIXED: In Chat user nicknames are now highlighted when mentioned
  • FIXED: In IRC, long messages will now be sent in multiple parts instead of being cut off
  • Various security fixes:
  • MFSA 2013-92 GC hazard with default compartments and frame chain restoration
  • MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
  • MFSA 2013-90 Memory corruption involving scrolling
  • MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
  • MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
  • MFSA 2013-85 Uninitialized data in IonMonkey
  • MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
  • MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
  • MFSA 2013-81 Use-after-free with select element
  • MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
  • MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
  • MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
  • MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

New in version 24.0 (September 18th, 2013)

  • NEW: Message threads can now be ignored or watched
  • NEW: Emails can now be sent to IDN based email addresses
  • NEW: Zoom functionality is now available in the compose window
  • CHANGED: In the Compose window, ctrl/cmd + and ctrl/cmd - now change the zoom setting rather than the font size
  • CHANGED: In Twitter, replying to a tweet now replies to all users, just like on the Twitter website
  • FIXED: Interactions in the filter list dialogs have been improved
  • FIXED: In Chat user nicknames are now highlighted when mentioned
  • FIXED: In IRC, long messages will now be sent in multiple parts instead of being cut off
  • Various security fixes:
  • MFSA 2013-92 GC hazard with default compartments and frame chain restoration
  • MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
  • MFSA 2013-90 Memory corruption involving scrolling
  • MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
  • MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
  • MFSA 2013-85 Uninitialized data in IonMonkey
  • MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
  • MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
  • MFSA 2013-81 Use-after-free with select element
  • MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
  • MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
  • MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
  • MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

New in version 17.0.8 (August 7th, 2013)

  • Security fixes:
  • MFSA 2013-75 Local Java applets may read contents of local file system
  • MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
  • MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
  • MFSA 2013-71 Further Privilege escalation through Mozilla Updater
  • MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
  • MFSA 2013-68 Document URI misrepresentation and masquerading
  • MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
  • MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

New in version 17.0.7 (August 6th, 2013)

  • MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
  • MFSA 2013-56 PreserveWrapper has inconsistent behavior
  • MFSA 2013-55 SVG filters can lead to information disclosure
  • MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
  • MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
  • MFSA 2013-51 Privileged content access and execution via XBL
  • MFSA 2013-50 Memory corruption found using Address Sanitizer
  • MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

New in version 17.0.6 (August 6th, 2013)

  • MFSA 2013-48 Memory corruption found using Address Sanitizer
  • MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
  • MFSA 2013-46 Use-after-free with video and onresize event
  • MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
  • MFSA 2013-42 Privileged access for content level constructor
  • MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

New in version 17.0.5 (August 6th, 2013)

  • MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
  • MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
  • MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
  • MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
  • MFSA 2013-34 Privilege escalation through Mozilla Updater
  • MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
  • MFSA 2013-31 Out-of-bounds write in Cairo library
  • MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

New in version 17.0.4 (March 11th, 2013)

  • Security fixes:
  • MFSA 2013-29: Use-after-free in HTML Editor

New in version 17.0.3 (February 20th, 2013)

  • MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
  • MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
  • MFSA 2013-26 Use-after-free in nsImageLoadingContent
  • MFSA 2013-25 Privacy leak in JavaScript Workers
  • MFSA 2013-24 Web content bypass of COW and SOW security wrappers
  • MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
  • MFSA 2013-22 Out-of-bounds read in image rendering
  • MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
  • FIXED - Attachments sometimes could not be removed from the composition window using the keyboard, this is now fixed

New in version 17.0.2 (January 9th, 2013)

  • FIXED: Pressing the 'x' button on Windows now closes only one window rather than the whole application (805185)
  • FIXED: An issue that caused occasional corruption in local folders after filtering is now fixed (815012)
  • FIXED: An issue that caused deletion of drafts saved in IMAP folders whilst in offline mode is now fixed (805626)
  • Security fixes:
  • MFSA 2013-20 Mis-issued TURKTRUST certificates
  • MFSA 2013-19 Use-after-free in Javascript Proxy objects
  • MFSA 2013-18 Use-after-free in Vibrate
  • MFSA 2013-17 Use-after-free in ListenerManager
  • MFSA 2013-16 Use-after-free in serializeToStream
  • MFSA 2013-15 Privilege escalation through plugin objects
  • MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
  • MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
  • MFSA 2013-12 Buffer overflow in Javascript string concatenation
  • MFSA 2013-11 Address space layout leaked in XBL objects
  • MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
  • MFSA 2013-09 Compartment mismatch with quickstubs returned values
  • MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
  • MFSA 2013-07 Crash due to handling of SSL on threads
  • MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
  • MFSA 2013-04 URL spoofing in addressbar during page loads
  • MFSA 2013-03 Buffer Overflow in Canvas
  • MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
  • MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)

New in version 16.0.1 (October 12th, 2012)

  • Added box.com to the list of online storage services that are available for use with Thunderbird Filelink
  • Silent, background updates. Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up.
  • Various fixes and performance improvements
  • Various security fixes

New in version 16.0 (October 10th, 2012)

  • NEW: We have now added box.com to the list of online storage services that are available for use with Thunderbird Filelink
  • NEW: Silent, background updates. Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up.
  • FIXED: Various fixes and performance improvements
  • FIXED: Various security fixes

New in version 13.0.1 (June 15th, 2012)

  • FIXED: YouSendIt no longer expires Filelinks after 1 week
  • FIXED: The prompt given when a password had changed sometimes referred to a network error rather than a change of password
  • FIXED: Miscellaneous other stability and display updates

New in version 13.0 (June 6th, 2012)

  • NEW:
  • Filelink: Upload your files to an online storage service and send links to your friends, avoiding bounce back due to large attachments. We have partnered with YouSendIt to bring this feature, but additional partners will be added in the near future.
  • NEW:
  • In partnership with Gandi and Hover, you can now sign up for a personalized email address from within Thunderbird. Along with your new email address, Thunderbird will be automatically set up and ready to send and receive messages. We are working with additional suppliers to cover more areas of the world and to provide more options in the future.
  • FIXED:
  • Various security fixes

New in version 12.0.1 (April 30th, 2012)

  • Fix various issues relating to new mail notifications and filtering on POP3 based accounts
  • Fixes an occasional startup crash seen in TB 12.0
  • Fixes an issue with corrupted message bodies when using movemail

New in version 12.0 Final (April 24th, 2012)

  • NEW - Global Search results now include message extracts in the results
  • FIXED - Various security fixes
  • FIXED - Various improvements to RSS feed subscription and general feed handling
  • DEVELPER - Thunderbird now supports add-ons that provide different types of local mail storage

New in version 11.0.1 (March 28th, 2012)

  • Fixed bug in D2D blocklisting check
  • Fixed hang in imap retry url

New in version 11.0 (March 14th, 2012)

  • NEW: New user interface with Tabs above the main menu bar to facilitate navigation and make it more contextual
  • FIXED: Thunderbird notifications may not work properly with Growl 1.3 or later (691662)
  • FIXED: Fixes a crash seen during importing of Microsoft Outlook profiles (723105)

New in version 10.0.2 (February 17th, 2012)

  • Fix a security issue.

New in version 10.0.1 (February 13th, 2012)

  • Several fixes to improve stability.
  • Fixed a security issue: MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings.

New in version 10.0 (January 31st, 2012)

  • New ability to search the Web
  • Improvements to email search
  • Several fixes when drafting email
  • and several other platform fixes

New in version 9.0 Beta 3 (December 1st, 2011)

  • Added an opt-in system for users to send performance data back to Mozilla to improve future versions of Thunderbird
  • Better keyboard handling for attachments
  • Several user interface fixes and improvements
  • and numerous other platform fixes

New in version 8.0b1 Beta (October 5th, 2011)

  • Add-ons installed by third party programs are now disabled by default
  • Added a one-time add-on selection dialog to manage previously installed add-ons
  • Improved accessibilty of the attachment lists
  • Several user interface fixes and improvements
  • and numerous other platform fixes

New in version 7.0.1 (October 1st, 2011)

  • Fixed a rare issue where some users could find one or more of their add-ons hidden after a Thunderbird update (see the blog post)

New in version 7.0 (September 28th, 2011)

  • Thunderbird is based on the new Mozilla Gecko 7 engine
  • Several user interface fixes and improvements
  • Several fixes to attachment handling
  • Ability to print a summary of selected email messages
  • Platform improvements to Address Book
  • Fixed several security issues
  • Numerous platform fixes that improve speed, performance and stability

New in version 6.0.1 (August 31st, 2011)

  • Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance

New in version 5.0 (June 28th, 2011)

  • More responsive and faster to start up and use
  • Thunderbird is based on the new Mozilla Gecko 5 engine
  • New Add-ons Manager
  • Revised account creation wizard to improve email setup
  • New Troubleshooting Information page
  • Tabs can now be reordered and dragged to different windows
  • Attachment sizes now displayed along with attachments
  • Plugins can now be loaded in RSS feeds by default
  • There are several theme fixes for Windows Vista and Windows 7
  • Support for Mac 32/64 bit Universal builds (Thunderbird no longer supports PowerPC on Mac)
  • Over 390 platform fixes that improve speed, performance, stability and security

New in version 3.1.11 (June 22nd, 2011)

  • Several fixes to improve performance, stability and security

New in version 5.0 Beta 1 (June 3rd, 2011)

  • Notable changes in Thunderbird Beta include: a new Addons Manager and Extension management API, Tab enhancements, revised account creation wizard to improve email setup, new troubleshooting infromation page, and several user interface fixes and improvements.
  • New Addons Manager and extension management API (user interface will be changed before final release)
  • Tabs can now be reordered and dragged to different windows
  • Revised account creation wizard, offering improved set-up
  • Attachment sizes now displayed along with attachments
  • New troubleshooting information page to aid supporting and diagnosing problems in Thunderbird
  • Plugins can now be loaded in RSS feeds by default
  • Various other user interface fixes and improvements
  • Support for Mac 32/64 bit Universal builds (Thunderbird Beta will no longer support PowerPC on Mac)
  • and numerous other bug fixes

New in version 3.3 Alpha 2 Miramar (January 21st, 2011)

  • Notable changes in Miramar Alpha 2 from Miramar Alpha 1
  • New Troubleshooting information page to aid supporting and diagnosing problems in Thunderbird
  • Notifications of add-on installation progress and issues now work correctly
  • Attachment reminder now works again
  • Attachment sizes are now available in the compose window
  • and numerous other bug fixes
  • Notable changes in Miramar Alpha 2 when compared to Thunderbird 3.1
  • New Addons Manager and extension management API (user interface will be changed before final release)
  • Attachment sizes now displayed along with attachments
  • Several user interface fixes for Windows Vista/Windows 7
  • Support for Mac 32/64 bit Universal builds ( will no longer support PowerPC on Mac)
  • Over 280 platform fixes to improve performance and stability

New in version 3.1.7 / 3.0.11 (December 10th, 2010)

  • MFSA 2010-78 Add support for OTS font sanitizer
  • MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
  • MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

New in version 3.3 Alpha 1 Miramar (November 24th, 2010)

  • New Addons Manager and extension management API (user interface will be changed before final release).
  • Attachment sizes now displayed along with attachments.
  • Several user interface fixes for Windows Vista/Windows 7.
  • Support for Mac 32/64 bit Universal builds (Miramar Alpha 1 will no longer support PowerPC on Mac).
  • Over 190 platform fixes to improve performance and stability.

New in version 3.1.6 (October 28th, 2010)

  • Fixes a critical security issue that could potentially allow remote code execution. This issue does not affect email or newsgroups but could be triggered through browser-like features or add-ons.

New in version 3.1.5 (October 21st, 2010)

  • MFSA 2010-72 Insecure Diffie-Hellman key exchange
  • MFSA 2010-71 Unsafe library loading vulnerabilities
  • MFSA 2010-70 SSL wildcard certificate matching IP addresses
  • MFSA 2010-69 Cross-site information disclosure via modal calls
  • MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
  • MFSA 2010-66 Use-after-free error in nsBarProp
  • MFSA 2010-65 Buffer overflow and memory corruption using document.write
  • MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
  • Several fixes to improve the user interface and add-ons experience.

New in version 3.0.9 (October 21st, 2010)

  • New Search with Advanced Filtering Tools:
  • New Search with Advanced Filtering Tools: Search results now include advanced filtering tools. You have the option to filter your results by sender, tag, attachments, people, folder, and mailing list. You can also filter your email using the timeline tool.
  • New Global Search Field with Autocomplete: When typing in the Global Search field, Thunderbird autocompletes against your address book. You have the option of searching everywhere or filtering against different parts of the email such as by subject or by sender.
  • User Experience Improvements:
  • New Mail Account Setup Wizard: The new Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Redesigned Mail Toolbar: The Mail Toolbar is redesigned to include the new Global Search bar. Buttons such as reply, forward, delete, junk are part of each email message. You can add those buttons back to the main toolbar by customizing the toolbar.
  • Tabbed Email Messages: Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • Smart Folders: The folder pane offers a Smart Folders mode which combines special mailboxes, like Inbox, from multiple accounts. Smart Folders is now on by default.
  • New Message Summary View: Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings: The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Message Archive: You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager: The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • New Add-ons Manager: The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins.
  • Improved Address Book: If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays. You can also add a photo for contacts in your address book.
  • Improved Gmail Integration: Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.
  • For Windows Vista users, Thunderbird 3 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 is now integrated with Spotlight, can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance Improvements:
  • IMAP Folder Synchronization: Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / 'Synchronize & Storage'.

New in version 3.1.3 (September 8th, 2010)

  • Several fixes to improve stability and security, see the Security Advisory.
  • Several fixes to improve stability.
  • Several fixes to the user interface.

New in version 3.1.2 (August 6th, 2010)

  • Several fixes to improve stability.
  • Several fixes to the user interface.

New in version 3.1 (June 25th, 2010)

  • Faster Search Results and Quick Filter Toolbar:
  • Faster Search Results:
  • Message indexing is faster and provides users with faster search results.
  • Quick Filter Toolbar:
  • New Quick Filter Toolbar lets you filter against search terms, tags, starred messages, address book contacts, new emails, and attachments.
  • User Experience Improvements:
  • New Migration Assistant:
  • The new Migration Assistant gives Thunderbird 2 users a way to choose the new features in Thunderbird 3.1 or to keep their current features and settings.
  • Saved Files Manager:
  • New Saved Files Manager displays all the files you downloaded from your email to your computer.
  • Mail Account Setup Wizard:
  • Hundreds of ISP settings have been added to make setting up Thunderbird easier. The Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Performance Improvements:
  • Improvements to Stability, Memory, and Password Handling

New in version 3.0.5 (June 18th, 2010)

  • This release improves the performance of indexing messages and accessing profiles stored on a network.
  • This release also improves the unread email notification on Mac OS X.
  • Several fixes to the user interface.

New in version 3.1 RC2 (June 9th, 2010)

  • Faster Search Results and Quick Filter Toolbar:
  • Faster Search Results - Message indexing is faster and provides users with faster search results.
  • Quick Filter Toolbar - New Quick Filter Toolbar lets you filter against search terms, tags, starred messages, address book contacts, new emails, and attachments.
  • User Experience Improvements:
  • New Migration Assistant - The new Migration Assistant gives Thunderbird 2 users a way to choose the new features in Thunderbird 3.1 or to keep their current features and settings.
  • Saved Files Manager - New Saved Files Manager displays all the files you downloaded from your email to your computer.
  • Mail Account Setup Wizard - Hundreds of ISP settings have been added to make setting up Thunderbird easier. The Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Performance Improvements:
  • Improvements to Stability, Memory, and Password Handling

New in version 3.1 RC1 (May 27th, 2010)

  • Faster Search Results and Quick Filter Toolbar:
  • Faster Search Results: Message indexing is faster and provides users with faster search results.
  • Quick Filter Toolbar: New Quick Filter Toolbar lets you filter against search terms, tags, starred messages, address book contacts, new emails, and attachments.
  • User Experience Improvements:
  • New Migration Assistant: The new Migration Assistant gives Thunderbird 2 users a way to choose the new features in Thunderbird 3.1 or to keep their current features and settings.
  • Saved Files Manager: New Saved Files Manager displays all the files you downloaded from your email to your computer.
  • Mail Account Setup Wizard: Hundreds of ISP settings have been added to make setting up Thunderbird easier. The Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Performance Improvements:
  • Improvements to Stability, Memory, and Password Handling

New in version 3.1 Beta 2 (May 6th, 2010)

  • New quick filter toolbar.
  • New migration assistant.
  • Improved support for Personas.
  • Several fixes to improve upgrading from Thunderbird 2.
  • Several design improvements and corrections to the interface.
  • Stability and memory improvements.

New in version 3.0.3 (March 1st, 2010)

  • Fix for missing folders or empty folder pane after updating to Thunderbird 3.0.2

New in version 3.1 Alpha 1 (February 3rd, 2010)

  • Several improvements to IMAP.
  • Several fixes for Smart Folders, message filters, and attachment handling.
  • Several design improvements and corrections to the interface.
  • Download Manager is now accessible as a menu item (Tools > Saved Files).
  • Stability and memory improvements.

New in version 3.0.1 (January 21st, 2010)

  • Several fixes to improve stability and security.
  • Several fixes to the user interface and attachment handling.

New in version 3.0.0 (January 20th, 2010)

  • New Search with Advanced Filtering Tools:
  • New Search with Advanced Filtering Tools - Search results now include advanced filtering tools. You have the option to filter your results by sender, tag, attachments, people, folder, and mailing list. You can also filter your email using the timeline tool.
  • New Global Search Field with Autocomplete - When typing in the Global Search field, Thunderbird autocompletes against your address book. You have the option of searching everywhere or filtering against different parts of the email such as by subject or by sender.
  • User Experience Improvements:
  • New Mail Account Setup Wizard - The new Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Redesigned Mail Toolbar - The Mail Toolbar is redesigned to include the new Global Search bar. Buttons such as reply, forward, delete, junk are part of each email message. You can add those buttons back to the main toolbar by customizing the toolbar.
  • Tabbed Email Messages - Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • Smart Folders - The folder pane offers a Smart Folders mode which combines special mailboxes, like Inbox, from multiple accounts. Smart Folders is now on by default.
  • New Message Summary View - Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings - The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Message Archive - You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager - The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • New Add-ons Manager - The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins. Note that few Add-ons are compatible with this beta at the time of release, as Add-on developers need to upgrade them.
  • Improved Address Book - If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays. You can also add a photo for contacts in your address book.
  • Improved Gmail Integration - Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.
  • For Windows Vista users, Thunderbird 3 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 is now integrated with Spotlight, can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance Improvements:
  • IMAP Folder Synchronization - Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / 'Synchronize & Storage'.

New in version 3.0.0 RC2 (December 2nd, 2009)

  • New Search with Advanced Filtering Tools:
  • New Search with Advanced Filtering Tools - Search results now include advanced filtering tools. You have the option to filter your results by sender, tag, attachments, people, folder, and mailing list. You can also filter your email using the timeline tool.
  • New Global Search Field with Autocomplete - When typing in the Global Search field, Thunderbird autocompletes against your address book. You have the option of searching everywhere or filtering against different parts of the email such as by subject or by sender.
  • User Experience Improvements:
  • New Mail Account Setup Wizard - The new Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Redesigned Mail Toolbar - The Mail Toolbar is redesigned to include the new Global Search bar. Buttons such as reply, forward, delete, junk are part of each email message. You can add those buttons back to the main toolbar by customizing the toolbar.
  • Tabbed Email Messages - Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • Smart Folders - The folder pane offers a Smart Folders mode which combines special mailboxes, like Inbox, from multiple accounts. Smart Folders is now on by default.
  • New Message Summary View - Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings - The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Message Archive - You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager - The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • New Add-ons Manager - The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins. Note that few Add-ons are compatible with this beta at the time of release, as Add-on developers need to upgrade them.
  • Improved Address Book - If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays. You can also add a photo for contacts in your address book.
  • Improved Gmail Integration - Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.
  • For Windows Vista users, Thunderbird 3 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 is now integrated with Spotlight, can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance Improvements:
  • IMAP Folder Synchronization - Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / 'Synchronize & Storage'.

New in version 3.0.0 RC1 (November 25th, 2009)

  • New Search with Advanced Filtering Tools:
  • Search results now include advanced filtering tools. You have the option to filter your results by sender, tag, attachments, people, folder, and mailing list. You can also filter your email using the timeline tool.
  • New Global Search Field with Autocomplete
  • When typing in the Global Search field, Thunderbird autocompletes against your address book. You have the option of searching everywhere or filtering against different parts of the email such as by subject or by sender.
  • User Experience Improvements:
  • New Mail Account Setup Wizard - The new Mail Account Setup Wizard matches against a database of email settings from popular mail providers so that you will only need to provide your name, email, and password to set up new mail accounts.
  • Redesigned Mail Toolbar - The Mail Toolbar is redesigned to include the new Global Search bar. Buttons such as reply, forward, delete, junk are part of each email message. You can add those buttons back to the main toolbar by customizing the toolbar.
  • Tabbed Email Messages - Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • Smart Folders - The folder pane offers a Smart Folders mode which combines special mailboxes, like Inbox, from multiple accounts. Smart Folders is now on by default.
  • New Message Summary View - Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings - The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Message Archive - You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager - The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • New Add-ons Manager - The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins. Note that few Add-ons are compatible with this beta at the time of release, as Add-on developers need to upgrade them.
  • Improved Address Book - If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays. You can also add a photo for contacts in your address book.
  • Improved Gmail Integration - Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.
  • For Windows Vista users, Thunderbird 3 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 is now integrated with Spotlight, can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance Improvements:
  • IMAP Folder Synchronization - Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / 'Synchronize & Storage'.

New in version 2.0.0.23 (August 24th, 2009)

  • Compromise of SSL-protected communication.

New in version 3.0.0 Beta 3 (July 23rd, 2009)

  • Thunderbird 3 Beta 3 is based on the Gecko 1.9.1.1 platform including some major re-architecting to provide improved performance, stability, web compatibility, and code simplification and sustainability.
  • There are over 500 changes in this release, many laying the groundwork for future changes.
  • Developer Improvements:
  • Thread Pane and Tab Refactoring: See Thread Pane UI refactoring discussion for additional details.
  • Fixes For Extension Developers: See Thunderbird Extensions and Thunderbird HowTos for developer documentation.
  • User Experience Improvements:
  • Tabbed Email Messages: Double-clicking or hitting enter on a mail message will now open that message in a New Tab window. Middle-clicking on messages or folders will open them in a Tab in the background. When quitting Thunderbird, visible tabs will be saved and will be restored when you open Thunderbird the next time. There is also a new Tab menu on the Tab toolbar to help you switch between Tabs.
  • New Message Summary View: Selecting multiple messages will give you a summary view of the emails you have selected.
  • Column Headings: The column headings that are displayed and the order in which they are displayed can now be set on a per-folder basis.
  • Smart Folders: The folder pane offers a Smart Folders mode which combines special mailboxes (e.g. Inbox) from multiple accounts together.
  • Improved Gmail Integration: Better recognition and integration of Gmail's special folders such as Sent and Trash including non-English versions of Gmail. Thunderbird also uses All Mail as the Archives folder.

New in version 2.0.0.22 (June 23rd, 2009)

  • Crash viewing multipart/alternative message with text/enhanced part.
  • JavaScript chrome privilege escalation.
  • Arbitrary code execution using event listeners attached to an element whose owner document is null.
  • Tampering via non-200 responses to proxy CONNECT requests.
  • Crashes with evidence of memory corruption (rv:1.9.0.11).
  • Same-origin violations when Adobe Flash loaded via view-source: scheme.
  • Crashes with evidence of memory corruption (rv:1.9.0.9).

New in version 3.0.0 Beta 2 (February 26th, 2009)

  • User Experience Improvements:
  • Message Archive:
  • You can now file messages from your Inbox or other folders into the new Archive folder system.
  • Activity Manager:
  • The Activity Manager records all the interactions between Thunderbird and your email provider in one place.
  • Performance improvements:
  • Faster Message Loading for IMAP:
  • Thunderbird will now download IMAP messages by default in the background to allow for faster message loading, and better offline operation. This feature can be enabled on an individual folder basis (via folder properties), or for all folders in an account, via Account Settings / Sync & Disk Space.

New in version 2.0.0.19 (January 2nd, 2009)

  • XSS and JavaScript privilege escalation.
  • Escaped null characters ignored by CSS parser.
  • Errors parsing URLs with leading whitespace and control characters.
  • Cross-domain data theft via script redirect error message.
  • XMLHttpRequest 302 response disclosure.
  • Information stealing via loadBindingDocument.
  • Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19).

New in version 3.0.0 Beta 1 (December 10th, 2008)

  • User Experience Improvements:
  • Tabbed Email: Email messages, folders, and calendars (with the Lightning extension installed) can be opened in tabs.
  • Improved Message Reader View: This is the first stage of a series of refinements to the message reading experience. The first stage brings email controls closer to the area in which the user is operating.
  • New Add-ons Manager: The new Add-ons Manager (Tools > Add-ons) can now be used to find, download, and install Thunderbird Add-ons which includes Extensions, Themes, and Plugins. Note that few Add-ons are compatible with this beta at the time of release, as Add-on developers need to upgrade them.
  • Improved Address Book: If someone is in your address book, it is indicated by a new star icon which you can click to edit contact details inline. If they are not in your address book, you can add them with one click of the icon. A new birthday field allows you to keep track of your friends' birthdays.
  • For Windows Vista users, Thunderbird 3 Beta 1 is now integrated with Vista search results. On first start, Thunderbird will prompt to install its indexing system into Windows Vista and you can choose to see Thunderbird email and news messages in Windows search results.
  • For Mac users, Thunderbird 3 Beta 1 can import from Mail.app, read your OS X address book, and use Growl for new mail alerts.
  • Performance improvements:
  • Faster Message Loading for IMAP: Thunderbird will now download IMAP messages in the background to allow for faster message loading, and better offline operation. This feature can be enabled on an individual folder basis (via folder properties), or for all folders in an account, via Account Settings / Sync & Disk Space.

New in version 2.0.0.18 (November 20th, 2008)

  • MFSA 2008-59 Script access to .documentURI and .textContent in mail
  • MFSA 2008-58 Parsing error in E4X default namespace
  • MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  • MFSA 2008-55 Crash and remote code execution in nsFrameManager
  • MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
  • MFSA 2008-50 Crash and remote code execution via __proto__ tampering
  • MFSA 2008-48 Image stealing via canvas and HTTP redirect

New in version 2.0.0.17 (September 26th, 2008)

  • MFSA 2008-46 Heap overflow when canceling newsgroup message
  • MFSA 2008-44 resource: traversal vulnerabilities
  • MFSA 2008-43 BOM characters stripped from JavaScript before execution
  • MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
  • MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
  • MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
  • MFSA 2008-37 UTF-8 URL stack buffer overflow

New in version 2.0.0.16 (September 1st, 2008)

  • The following security issues have been fixed:
  • MFSA 2008-34 Remote code execution by overflowing CSS reference counter
  • MFSA 2008-33 Crash and remote code execution in block reflow
  • MFSA 2008-31 Peer-trusted certs can use alt names to spoof
  • MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
  • MFSA 2008-26 Buffer length checks in MIME processing
  • MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
  • MFSA 2008-24 Chrome script loading from fastload file
  • MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

New in version 2.0.0.14 (May 6th, 2008)

  • Fixed security issues
  • Fix: Crashes with evidence of memory corruption (rv:1.8.1.13)
  • Fix: JavaScript privilege escalation and arbitrary code execution

New in version 2.0.0.12 (February 27th, 2008)

  • MFSA 2008-12 Heap buffer overflow in external MIME bodies
  • MFSA 2008-07 Possible information disclosure in BMP decoder
  • MFSA 2008-05 Directory traversal via chrome: URI
  • MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
  • MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)