Mozilla released a new version of their email client Thunderbird recently: 60.6.1. The new version includes fixes for two security vulnerabilities.

The fixed vulnerabilities are unlikely to pose a threat to Thunderbird users. According to the related security advisory:

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

In other words, since Thunderbird does not allow scripts embedded in email to execute, users are generally much safer than if the same email is displayed in a web browser.

Another set of security vulnerabilities was recently addressed by Mozilla with the release of Thunderbird 60.5.1. All four security issues are rated as having High impact, and are likely to affect Thunderbird’s confidentiality (leak private data), integrity (cause crashes), and/or availability (prevent normal operation).

To update Thunderbird, click its hamburger menu icon at the top right, then select Help > About Thunderbird to show your installed version. If a newer version is available, you should see a button offering to install it.

Mozilla remains committed to Thunderbird, the company’s full-featured yet free email client for Windows, Mac, and Linux. Which is good news, because it’s getting increasingly difficult to find good email client software.

I’ve never been a fan of web-based email. It’s handy in certain situations, but leaves much to be desired for long-term use. I’ve been using Outlook for years, but it’s more than most people need; for them, there’s Thunderbird.

Thunderbird 60.5 plugs at least four security holes in previous versions.

To update Thunderbird, click its ‘hamburger’ menu icon at the top right, hover your mouse over Help, and click About Mozilla Thunderbird. If an update is available, you’ll be prompted to install it.

Released on October 31, Thunderbird 60.3 fixes a handful of bugs — some of which are security-related — affecting multiple versions and platforms.

From the security advisory: In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. What they seem to be saying is that these vulnerabilities cannot be exploited through the act of opening and reading email in Thunderbird. As for the part about browser-like contexts, well, that’s not at all clear. What contexts?

You can update your install of Thunderbird by clicking its hamburger menu button at the top right. Click the small arrow to the right of Help, then click About Mozilla Thunderbird. The About dialog should show your current version and offer an update if one is available.

There aren’t as many desktop email applications around as there used to be. Sure, some of the old classics are still available (hello Eudora), but they typically don’t provide support for the latest technologies.

I’ve never been comfortable using a web-based application for my email. I do use GMail, but mostly for client support. I just prefer to have more control over my email archive than is possible with a web-based solution. Email is a critical component of my business and personal communications, and leaving it at the mercy of Google or some other company is not acceptable.

That said, there are still a few good options for desktop email on Windows. I still use Outlook, because it’s always been rock solid for me, handling dozens of accounts efficiently and reliably. But Outlook is only available as part of Microsoft Office, and only the more expensive Professional or Business versions at that. And Office is not cheap, costing upwards of $300 USD.

So I’m always on the lookout for alternatives to Outlook. And sitting at the top of that list is Thunderbird, Mozilla’s email client. Thunderbird’s three-pane user interface should be familiar to anyone who has used Outlook, Outlook Express, or just about any other Windows email application. It supports all current email-related technologies.

Mozilla issued a major update for Thunderbird in early October: version 60.0. This update provides numerous improvements to the user interface, including a much-needed revamp for the way attachments are handled.

More recently, Thunderbird 60.2.1 was released to fix seven security issues in earlier versions, as well as a few non-security bugs.

As with Firefox, you can check the current version of Thunderbird by navigating its ‘hamburger’ menu (top right) to Help > About Mozilla Thunderbird. Doing this will usually trigger an update, if one is available.