Although it is no longer actively developed, Mozilla Thunderbird continues to receive updates and the most recent one, as expected, benefited from a small number of fixes.
Among the most significant security issues (labeled “critical”) fixed in this release are memory corruption problems identified using Address Sanitizer.
On the same note, a use-after-free error that could lead to arbitrary code execution has been removed. Third on the list of critical vulnerabilities are various memory safety hazards that could have been exploited to run arbitrary code on the target system.
Security flaws with a lower impact (labeled “high”), but equally important, have also been eliminated. These made possible local privilege escalation through Mozilla Maintenance Service, gaining privileged access for content level constructor and usage of DOMSVGZoomEvent functions without being properly initialized.
All these security glitches affected both Mozilla Thunderbird and Firefox browser, therefore updating the latest versions of these products is highly recommended.
In the case of Firefox, though, the developer did away with additional high impact security threat. It refers to the update mechanism failing to refresh some Windows Registry entries, which would leave Mozilla Maintenance Service open to already fixed privilege escalation attacks.
Download Firefox for Windows, Mac, Linux or Android
Download Thunderbird for Windows, Mac or Linux