The newest release of Mozilla’s e-mail client termed Thunderbird includes various minor security fixes, as well as a complete fix of the EFAIL vulnerability that allows attackers to compromise encrypted e-mails under very certain circumstances. Although the prerequisites for a successful EFAIL attack meant that a very limited number of users were even vulnerable, the fact that it could be used to transmit content of encrypted emails to attackers in plain text gave rise to serious concerns. The attack does not allow for disclosing the encryption keys used.
To summarize, the developers tackled a number of security issues and problems with forwarding messages inline when using “simple” HTML view. Furthermore, beginning version 52.9.1, Thunderbird will also prompt to compact IMAP folders if the account is connected.
Further security improvements
A closer look at the changelog reveals that three critical vulnerabilities were fixed (#CVE-2018-12359 & #CVE-2018-12360), as well as an additional five bugs categorized to have ‘high’ impact and four with moderate or low impact. For all the details, visit and review the 52.9.1 release notes at thunderbird.net.