by Martin Brinkmann on December 07, 2018 in Email – 3 comments
Thunderbird users who use a Master Password in the application to protect passwords may have been exposed to a password deletion issue in recent versions of the email client.
The release of Thunderbird 60.3.3 fixes the issue on all affected systems. The issue was introduced in client version 60.0 released in August 2018.
The major release introduced new functionality and made some changes to Thunderbird; one of those changes migrated the security databases key3.db and cert8.db used to store passwords and certificates to key4.db and cert9.db.
Thunderbird installations affected by the issue had saved passwords and private certificate keys deleted. The issue affected installations with master passwords. Master Passwords are not used by default but may be enabled in the Thunderbird email client to improve security.
Thunderbird users need to open Tools > Options > Security > Passwords to protect passwords with a Master Password. Just check the “use a master password” box on the page and follow the instructions to add it to the program.
The development team notes that affected users may restore a backed up version of the databases to regain access to passwords and private certificates. How that is done is not mentioned, however. The backups, with the .bak extension, are listed in the Thunderbird profile folder.
Affected users could rename the current file, e.g. key3.db, and rename the backup file key3.bak afterward. It is not clear if that is the method that the team suggests; make sure you back up all files before you proceed.
Thunderbird 60.3.3 fixes three additional issues:
- Slow address book search and auto-complete functionality.
- Plain text markup did not work with non-ASCII characters.
- Links were not removed when a link location was removed in the link properties panel.
The version of the email client has three unresolved issues:
- Issues when decoding messages with uncommon charsets such as cp932 or cp936. The team promises that this issue is going to be fixed in the upcoming Thunderbird 60.4.0 release.
- CalDav access to some servers is broken. Workaround is to set the preference network.cookie.same-site.enabled to false.
- Twitter chat is not working.
Users who run Thunderbird may notice that it is not offered currently when they run a manual check for updates under Help > About Mozilla Thunderbird. The official download page on the project website lists 60.3.2 as the latest version as well.
The new release is available on Mozilla’s FTP though.
Tip: Find out how to migrate from Thunderbird 32-bit to 64-bit. Note that Thunderbird is offered as a 32-bit version officially only currently on Windows.