Free Email Client “Thunderbird” v152.0 Released — Security Fixes and New Features
- Apple’s Native Linux Container Tool Has Arrived — But Can It Really Replace Docker?
- 60% of MD5 Password Hashes Can Be Cracked in Under an Hour with a Single GPU
- Dirty Frag: Root Access on Every Major Linux Distribution — No Patch, No Warning
- Proton Mail: Data Transferred to FBI Again!
- How Close Are Quantum Computers to Breaking RSA-2048?
- What is the best alternative to Microsoft Office?
Free Email Client “Thunderbird” v152.0 Released — Security Fixes and New Features
Mozilla Thunderbird 152.0, the free and open-source email client, was officially released on June 16, 2026, bringing one-click Thundermail setup, Gmail OAuth improvements, enterprise policy enhancements, and a batch of security fixes.
Overview
Thunderbird is a free, donation-welcome, open-source email client developed by MZLA Technologies Corporation, a subsidiary of the Mozilla Foundation. It supports Windows, macOS, and Linux, and is available for download from the official website thunderbird.net. The Windows version requires Windows 10 or later, macOS requires 10.15 or later, and Linux requires GTK+ 3.14 or higher.
Supported platforms for this release:
Download from thunderbird.netNew Features
- One-click Thundermail account setup: Users can now set up an account for Thundermail — the email service operated by the Thunderbird development team — with a single click, without any manual configuration.
- SecurityDevices support in enterprise policies: Administrators can now enable security devices through corporate policy controls, providing an additional option for managed Thunderbird deployments.
Notable Changes
- Gmail OAuth now uses PKCE: Authentication with Gmail has been updated to use PKCE (Proof Key for Code Exchange), an extension of OAuth 2.0 that strengthens the authorization flow, particularly in environments where client secrets cannot be securely stored.
- Mail server hostname verification: Thunderbird now checks the email server hostname when detecting address books and calendars, improving accuracy and security during autodiscovery.
- “About Your Rights” page updated: The content of the rights information page has been changed from a local (bundled) URL to a hosted web URL.
- “Hide completed tasks” also hides cancelled tasks: A minor but practical improvement for task management workflows.
- UI wording update: Account, calendar, and address book creation buttons now use “Add” instead of “New” for consistency.
Security Fixes
This release includes a significant batch of security vulnerability fixes, as documented in Mozilla Security Advisory MFSA 2026-60. The vulnerabilities span issues such as sandbox escapes, use-after-free bugs, JIT miscompilation, privilege escalation in the WebRender graphics component, and memory safety bugs.
Note that Thunderbird is generally less exposed than Firefox to scripting-based attacks because JavaScript is disabled by default in the email reading environment. Nevertheless, the presence of high-severity sandbox escape vulnerabilities in this cycle makes prompt updating strongly recommended.
Bug Fixes
Dozens of non-security bugs have also been addressed, including fixes for new mail alerts appearing on the wrong monitor in multi-display setups, spam notifications triggering before messages were moved to the spam folder, threading and sort order issues, POP3 deadlocks, IMAP subscription handling, EWS message loss, calendar invitation attendee deduplication, and various MIME and compose window improvements.
How to Get It
Thunderbird 152.0 is available for free download from thunderbird.net. Existing users will typically receive the update automatically through Thunderbird’s built-in update mechanism. The project is donation-supported; users are encouraged to contribute if they find the software valuable.
