Related Vulnerabilities: CVE-2018-12383  

A security issue has been found in Thunderbird versions prior to 60.2.1. If a user saved passwords before the move to a new password format and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations.

Severity: Low

Remote: No

Type: Information disclosure


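Group: AVG-782, Package: thunderbird, Affected: 60.0-4, Fixed: 60.2.1-1, Severity: Critical, Status: Fixed, Ticket: FS#60424

Date: 18 Oct 2018, Advisory: ASA-201810-13, Group: AVG-782, Package: thunderbird, Severity: Critical, Type: multiple issues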

https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12383
https://bugzilla.mozilla.org/show_bug.cgi?id=1475775