Thunderbird has pushed out version 142.0 of its desktop email client, giving users new tools while addressing several serious security flaws. The update is available for Windows 10 and newer, macOS 10.15 or later, and Linux systems running GTK+ 3.14 or higher.
One of the standout additions is support for visual signatures in PDF attachments. Users can now open a PDF inside Thunderbird and add a signature directly, rather than jumping to an external app. The update also introduces new options in the header pane, letting users copy message and news links with a single click.
Folder management has improved too. Entire folders can now be copied within mail server accounts or local folders. And for anyone who went too far with custom sorting, the new “Reset Folder Order” option restores everything to the default layout.
Not every change adds functionality. The “Copy Message Location” entry has been stripped from the mail context menu to reduce clutter.
The Thunderbird team also squashed a long list of bugs. Errors when restarting with attachments open in tabs are gone. Notification sounds now respect the operating system’s do-not-disturb setting. Fastmail calendars that previously failed due to missing OAuth settings now work properly.
Linux users see fixes as well. The close caption button now works even when the cursor hovers in the screen corner. Toggling dark message mode no longer disrupts focus or scroll position. Performance on first launch has improved thanks to reduced lag while messages download.
Newsgroup handling has been cleaned up. New groups appear alphabetically, reconnections no longer require a restart, and failed posts no longer look successful. RSS feeds now archive to the right folder and links open with correct parameters.
Other issues have been addressed, including unified folder sending errors, missing WebP contact photos, mailto problems in Microsoft Store installations, and quirks with quick filters and “Mark All Read.” Thunderbird 142.0 should feel more polished across the board.
Security fixes are a key part of this release. CVE-2025-9179 closed a sandbox escape in the Audio/Video GMP component that allowed memory corruption. CVE-2025-9180 patched a same-origin policy bypass in Canvas2D. CVE-2025-9181 fixed uninitialized memory in the JavaScript engine. CVE-2025-9182 prevented denial-of-service crashes in WebRender caused by out-of-memory conditions.
Additional advisories, CVE-2025-9187, CVE-2025-9184, and CVE-2025-9185, covered memory safety flaws in Thunderbird, Firefox, and Firefox ESR. Some of these showed evidence of corruption and could have been exploited to run arbitrary code.
Between new PDF signing, better folder tools, bug fixes, and important security patches, Thunderbird 142.0 is an update worth installing right away.
