Thunderbird 91 is being back-ported to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

A security vulnerability affecting the Thunderbird 78.x series both builds offer is being actively exploited in the wild. But as upstream support for Thunderbird 78.x has ended the flaw is unlikely be ever be patched.

For an Ubuntu LTS releases that’s a major issue.

CVE-2021-38503 is being actively exploited and it will not be fixed in Thunderbird 78.x

So, to ensure its users are not affected, Ubuntu developers are backporting the latest Thunderbird 91 release (which is an extended support release, thankfully) to Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04.

This isn’t the first time Ubuntu has needed to do this either.

All supported Ubuntu releases receive new versions of Mozilla Firefox for the duration of their respective eras, but Mozilla Thunderbird (typically) only gets in-series updates. Ubuntu 18.04 LTS originally shipped with Thunderbird 52.x series, while Ubuntu 20.04 LTS came with the 68.x series.

Both were updated to Thunderbird 78 last year.

And, in the next week or so, they’ll be updated again to Thunderbird 91.

Ubuntu developers will go through to uplift the various libraries and inter-connected dependencies required to get Thunderbird 91 running on Ubuntu 18.04 without it affecting Bionic’s stability. It’s a process that takes a bit of time.

Might this incident underscore the (relative) benefits of shipping Thunderbird as a Snap in future versions of Ubuntu? Perhaps. Snap apps are able to be updated independent of the rest of the system/libraries much faster than a traditional backport.

Security fixes aside, Thunderbird 91 intros a number of new features and enhancements. These include multi-process (e10s) mode, a revamped workflow for adding attachments to emails, and simpler account setup.

If you actively use Thunderbird do look out for and install this update as soon as it’s available to your system.

Thanks Thomas H.

backports security thunderbird ubuntu 18.04 LTS Ubuntu 20.04 LTS