thunderbird is vulnerable to information disclosure. The vulnerability exists as setting a master password after thunderbird 52 does not ensure that previously stored unencrypted passwords are deleted.
access.redhat.com/errata/RHSA-2020:0565
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=1606619
security.gentoo.org/glsa/202003-10
usn.ubuntu.com/4328-1/
usn.ubuntu.com/4335-1/
www.mozilla.org/en-US/security/advisories/mfsa2020-07/
www.mozilla.org/security/advisories/mfsa2020-07/