CVE-2018-18505: Privilege escalation through IPC channel messages
CVE-2016-5824: DoS (use-after-free) via a crafted ics file
CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with
TextureStorage11
CVE-2018-18492: Use-after-free with select element
CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
CVE-2018-18494: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs
CVE-2018-18498: Integer overflow when calculating buffer sizes for images
CVE-2018-12405: Memory safety bugs
Other bug fixes and changes:
FileLink provider WeTransfer to upload large attachments
Thunderbird now allows the addition of OpenSearch search engines
from a local XML file using a minimal user inferface: [+] button
to select a file an add, [-] to remove.
More search engines: Google and DuckDuckGo available by default
in some locales
During account creation, Thunderbird will now detect servers
using the Microsoft Exchange protocol. It will offer the
installation of a 3rd party add-on (Owl) which supports that
protocol.
Thunderbird now compatible with other WebExtension-based
FileLink add-ons like the Dropbox add-on
New WebExtensions FileLink API to facilitate add-ons
Fix decoding problems for messages with less common charsets
(cp932, cp936)
New messages in the drafts folder (and other special or virtual
folders) will no longer be included in the new messages
notification
Thunderbird 60 will migrate security databases (key3.db, cert8.db
to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
fault that potentially deleted saved passwords and private certificate
keys for users using a master password. Version 60.3.3 will prevent
the loss of data; affected users who have already upgraded to version
60.3.2 or earlier can restore the deleted key3.db file from backup
to complete the migration.
Address book search and auto-complete slowness introduced in
Thunderbird 60.3.2
Plain text markup with * for bold, / for italics, _ for underline
and | for code did not work when the enclosed text contained
non-ASCII characters
While composing a message, a link not removed when link location
was removed in the link properties panel
Encoding problems when exporting address books or messages using
the system charset. Messages are now always exported using the
UTF-8 encoding
If the 'Date' header of a message was invalid, Jan 1970 or Dec 1969
was displayed. Now using date from 'Received' header instead.
Body search/filtering didn't reliably ignore content of tags
Inappropriate warning 'Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on
your computer' when installing add-ons
Incorrect display of correspondents column since own email
address was not always detected
Spurious
(encoded newline) inserted into drafts and sent email
Double-clicking on a word in the Write window sometimes
launched the Advanced Property Editor or Link Properties dialog
Fixe Cookie removal
'Download rest of message' was not working if global inbox was
used
Fix Encoding problems for users (especially in Poland) when a
file was sent via a folder using 'Sent to > Mail recipient'
due to a problem in the Thunderbird MAPI interface
According to RFC 4616 and RFC 5721, passwords containing
non-ASCII characters are encoded using UTF-8 which can lead to
problems with non-compliant providers, for example
office365.com. The SMTP LOGIN and POP3 USER/PASS
authentication methods are now using a Latin-1 encoding again
to work around this issue
Fix shutdown crash/hang after entering an empty IMAP password