[German]The developers of the Thunderbird email client want to slowly start migrating Thunderbird 78.x users to the new Thunderbird 91.x development branch. In Thunderbird 91, however, users should be prepared for problems or inconsistencies. In addition, the developers probably do not manage for six years to check add-ons in the user profile for legitimacy. Here a small overview to this topic.
Migration from 78.x to Thunderbird 91 starts soon
The development branch 78 of Thunderbird will end soon – because with Thunderbird 78.15.0 the development ends (Tom pointed it out here). Currently we are at Thunderbird 78.14.0 (see Thunderbird 78.14.0), but there is already the Thunderbird 91 development branch (see Thunderbird 91.2.0).
At Bleeping Computer I found the following: As of October 5, 2021, 85% of Thunderbird users were using client version 78, and only 9% had manually upgraded to 91.
So far, Thunderbird 78.x users have not been upgraded to version 91 when checking for updates. I myself am still on version 78.x and an update search does not yet offer Thunderbird 91 after. But both ghacks.net and Bleeping Computer reported a few days ago that the change to version 91 is done via update – probably runs in waves.
What you should know / consider
In the last days and weeks I have received various information about Thunderbird from blog readers, which I would like to include in this article and post on the blog.
German blog reader Patrick already contacted me on September 23, 2021 and pointed out a change that occurs when upgrading from Thunderbird 78.x to version 91.x.
Both PDF scripting (pdfjs.enableScritping = false) and the PDF reader (pdfjs.disabled = true) can be disabled via the Config Editor.
German blog reader Z.A. contacted me by email on 9/26/2021 and pointed out that Thunderbird also used data reporting (telemetry). In the following text he refers to my blog post Does Firefox 89/90 pull data again? in which I discuss the topic telemetry and user data extinction by Firefox. Z.A. wrote that this is also the case with Thunderbird..
Hello Mr. Born,
some time ago you had raised the issue of data reporting in Firefox. Blog readers had contributed measures how to prevent the reporting. I just found out today that the archive folder (found in the profile) is also created in Thunderbird and is filled with data.
If anyone is interested here is a suggestion to turn off Datareporting on TB (I use 78).
All via Settings – General – Edit configuration (at the bottom).
Disable Mozilla Telemetry
browser.send_pings = false
browser.send_pings.max_per_link = 0
toolkit.telemetry.enabled = false
toolkit.telemetry.unified = false
Thunderbird contacts Mozilla daily and sends an accurate list of installed add-ons
extensions.getAddons.cache.enabled = false
disable beacons: beacon.enabled = false
disable timing APIs : dom.enable_resource_timing = false
Maybe it helps you – thanks to blog reader Z.A. for the hint.
Signature problems with Outlook?
German blog reader Headster has responded to my blog post Thunderbird 91.2.0 with a comment pointing out a problem with Thunderbird 91.x in conjunction with signed emails and Microsoft Outlook. He writes (translated from German):
Hi all, I noticed a bug a few days ago – at least I suspect it's a bug – that I've only been experiencing since upgrading to the 91.x branch:
I sign outgoing emails with S/MIME. Thunderbird evaluates the signature as valid, Outlook 365 on the other hand complains that the message has been tampered with; in the details you can see that Outlook assumes that the message may have been changed after signing.
When I noticed this by chance the other days, I took a closer look and found out the following points:
- Occurs only since switching from the 78.x to the 91.x branch (certificate and settings regarding S/MIME have not been changed in the meantime)
- Occurs under Windows, macOS and Linux
- Occurs only if mails are formatted as HTML – Outlook does not complain with text-only messages!
- Thunderbird itself always finds all mails (HTML + text only) as correctly signed.
Of course it could be a bug in Outlook 365, but the error did not occur with mails that were still signed with Thunderbird 78.x, as I said.
Can anyone confirm this or know a workaround? I have found little useful on the net so far.
The comment got a bit bogged down and there was no feedback. If anyone can confirm, that would be helpful. Thanks to Headster for pointing this out.
S/Mime-Bug under Windows
German blog reader Mark Heitbrink pointed out, that S/Mime only works with Thunderbird certificate store. With Microsoft certificate store signing/encrypting with S/Mime fails. There is a bug report, but it is already closed. However, the bug is still present according to Mark.
Security issue since 6 years
Stefan Kanthak emailed me the other day to point out an unsightly thing affecting Firefox and Thunderbird. Since six years there was a vulnerability in Firefox/Thunderbird, which allows to overwrite add-ons in the profile. This could be abused to execute arbitrary code by an attacker replacing the add-ons in the user profile. Six years ago, this bug submission was made to Firefox 31. A week ago, this bug report was marked as "closed" because the Thunderbird calendar is now no longer an add-on – but the problem has not been fixed yet.
Cookies helps to fund this blog: Cookie settings