Thunderbird 149.0 Arrives with New Address Book Tools and EWS Improvements

Thunderbird 149.0 Released — Tech News

Software Release

Thunderbird 149.0 Arrives with New Address Book Tools and EWS Improvements

Mozilla’s open-source email client ships a focused update: CSV export for contacts, persistent starred messages in Exchange Web Services, and account hub creation for address books — alongside the usual wave of bug fixes and security patches.

By Open Source Dispatch Staff March 25, 2026 Source: thunderbird.net

Latest Stable Release

Thunderbird Desktop 149.0

Released March 24, 2026 · Windows / macOS / Linux · Free & Open Source

The Thunderbird project released version 149.0 of its desktop email client on March 24, 2026, delivering a small but meaningful set of new capabilities alongside an extensive list of bug fixes. The release is available now as a free download from thunderbird.net, the project’s official home, for all three supported platforms.

Thunderbird remains fully free to use, with the project sustained by voluntary donations from its community. It is open-source software developed under the umbrella of MZLA Technologies Corporation, a wholly owned subsidiary of the Mozilla Foundation.

What’s New

Three headline additions define this release, each addressing long-standing workflow gaps for Thunderbird’s power users.

📤

CSV Address Book Export

Users can now select specific contacts and export them directly as a CSV file — a frequently requested feature for migrating or sharing contact lists.

⭐

EWS Starred Message Sync

Starred (flagged) messages in Exchange Web Services accounts now persist across devices, bringing Thunderbird’s EWS experience closer to parity with native clients.

📒

Address Books via Account Hub

Address books can now be created directly within the Account Hub — Thunderbird’s wizard-based account setup interface — streamlining initial configuration.

🔧

Visual & UX Improvements

A range of interface refinements have been applied throughout the application, along with numerous targeted bug fixes across mail, calendar, and compose functions.

Bug Fixes: A Lengthy List

Version 149.0 is notable for the breadth of its fixes. Among the resolved issues: Shift-clicking the Edit button in drafts view now works as expected; “Replace All” in the composer correctly updates plain-text content in real time; and “Repair text encoding” no longer duplicates recipients or attachments — a disruptive bug that caught users off guard.

Readability in dark themes also sees improvement, with link colors now offering sufficient contrast. Several folder-tree issues have been resolved, including a bug where new-message stars stopped displaying and another where renaming a unified folder inadvertently created a duplicate entry.

On the security and cryptography front, the reason for a revoked certificate is now properly surfaced to users. Fixes also address failures opening OpenPGP signed messages in certain header configurations, and a long-standing issue preventing S/MIME CSR file generation.

“EWS messages could fail to sync in some scenarios” and “After Sending filters were not working correctly” — two fixes that will be quietly celebrated by corporate Thunderbird users.

Calendar users receive attention as well: a broken “Publish Calendar” dialog that showed only an empty OK/Cancel popup has been repaired, dismissed Gmail calendar reminders now behave correctly, and local calendar HTML export is restored.

Security Fixes

Thunderbird 149.0 includes a security update, listed in the release notes under Mozilla’s standard security advisory process. The full details of severity ratings and individual CVEs will be published separately by Mozilla at their security advisories page once the advisory is released. As of this article’s publication, the advisory for Thunderbird 149 has not yet been posted.

⚠ Security Advisory — Pending

Mozilla lists security fixes in Thunderbird 149.0, but has not yet published the corresponding CVE advisory at the time of writing. Users should check mozilla.org/security for the full breakdown of affected components and severity ratings once it becomes available. As a general best practice, updating to the latest release promptly is always recommended.

It is worth noting that Thunderbird’s security exposure differs from Firefox in one important respect: JavaScript execution is disabled by default in email messages, which significantly reduces the attack surface compared to a full web browser. Nevertheless, security patches in any new version should be taken seriously, and users are encouraged to update.

System Requirements

Platform	Minimum Requirement
Windows	Windows 10 or later
macOS	macOS 10.15 (Catalina) or later
Linux	GTK+ 3.14 or higher

Clarification Some secondary sources reported that Thunderbird 149.0 is available through the Microsoft Store. This has not been confirmed by the official Thunderbird release notes or thunderbird.net, and should be treated as unverified. The official download channel remains thunderbird.net. Additionally, specific CVE counts and severity breakdowns cited in some reports (e.g., “48 CVEs, 20 high”) are not supported by Mozilla’s security advisory page, which had not published an advisory for version 149 at the time of writing.

How to Update

Existing Thunderbird installations can update via Help → About Thunderbird, which will trigger an automatic check and download. Fresh installations are available at thunderbird.net/en-US/thunderbird/all/, where builds for all supported languages and platforms are listed.

— ✦ —

This article is based on the official Thunderbird 149.0 release notes published at thunderbird.net and Mozilla’s security advisory index. Information about the security advisory will be updated when Mozilla publishes it.

Thunderbird 149.0 Arrives with New Address Book Tools and EWS Improvements