Veracode Vulnerability Database: VERACODE:45812
History: Mar 10, 2024 - 2:43 a.m.

Sensitive Information Exposure

Source: sca.analysiscenter.veracode.com
Tags: thunderbird, sensitive information exposure, email confidentiality

AI Score: 6.2 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 15.5%)

Thunderbird is vulnerable to Sensitive Information Exposure. The vulnerability is due to the encrypted subject of an email message being incorrectly and permanently assigned to an arbitrary other email message in Thunderbird’s local cache. This could lead to the accidental leakage of confidential subject information to a third party when replying to the contaminated email message. While the update fixes the bug and prevents future message contamination, existing contaminations are not automatically repaired. Users are advised to use the repair folder functionality available from the context menu of email folders, which will erase incorrect subject assignments.