Thunderbird has delivered its latest monthly mail drop of bug fixes.

Users of the open source e-mail client from MZLA Technologies — the company saw its yearly revenue increase 19% last year to over $10 million — receive a flurry of refinements and tweaks to the software’s existing feature set, but not any major new ones.

Fastmail users (who don’t fancy installing the new Fastmail desktop app) will be pleased to know CalDAV passwords work again, restoring access to viewing and editing Fastmail calendars from Thunderbird.

Task reminders sometimes failed to appear for tasks ‘without end dates or with shifted due dates’, so that that’s been taken care of: reminders should now appear as/when expected. Using shift + click to ‘Compose Message To’ on a mailto link now opens in plain text.

Thunderbird no longer hangs if running an auto-check for new messages across multiple accounts.

If you use a Microsoft Exchange account in Thunderbird and were rankled by a missing “Reply All” button in the composer you’ll be relieved to see it restored. Similarly, sending emails through servers with self-signed certificates works again.

Other issues said to be sorted in the Thunderbird 144 update:

  • Sorting by threads only showed threads with unread top messages
  • Users could not read mail signed with OpenPGP v6 and PQC keys
  • Multi-attachment delete/detach confirmation only listed the first attachment
  • Unable to copy text from some error alerts
  • Drafts not saving after switching identity in the compose window
  • Newly created folder missing under “Recent” when moving a message
  • Del key failed to prevent deleting attachments in OpenPGP messages
  • Image preview in Insert Image dialog failed with CSP error
  • ‘Copy Message to’ action in a newsgroup filter did not work
  • Unable to import profile located at the top level of zip file
  • Importing profile from a bad source did not indicate it failed
  • Unable to copy an event in multiweek or month view via drag-and-drop
  • Calendar discovery with certificate error displayed multiple exceptions

Thunderbird 144 also includes a new batch of security patches.

These cover various memory safety bugs, an issue where a compromised web process could use malicious IPC messages to leak cross-process information, or trigger out of bounds reads and writes in a privileged process using manipulated WebGL textures.

Scared? Don’t be unduly. Thunderbird say that most flaws can’t be exploited via email in Thunderbird as it disables scripting for reading mail, but the issues could potentially be risks depending in ‘browser-like’ contexts.

Download Thunderbird 144

Download Thunderbird for Linux, Windows, and macOS from the official website. Downloads now default to monthly release builds (which as of October will be 144). Thunderbird ESR (Extended Support Release) builds are also available to download.

Upgrading to a new Thunderbird release from an earlier version is easy on Windows or macOS, since the app auto-updates: open Thunderbird, go to the Help menu and select About. Thunderbird will check for and download an available update, then tell you to restart to apply it.

The same method works for Thunderbird’s Linux binary build (the one available to download from the Thunderbird website). If you use a DEB, Flatpak and Snap build you will update through a package managers, rather than inside the app itself.