Mozilla shipped Thunderbird 152 on June 16, 2026, tightening Gmail authentication and expanding enterprise configuration options. The update arrives shortly after Firefox 152 and targets both security-focused users and organizations managing large Thunderbird fleets, according to the official Thunderbird 152 release notes.
The headline change is a Gmail OAuth 2.0 upgrade to Proof Key for Code Exchange (PKCE). PKCE blocks malicious apps from intercepting authorization codes during login flows, adding protection that standard OAuth does not provide, as detailed in the Thunderbird 152 release notes.
Enterprise administrators also gain SecurityDevices support in enterprise policies, making it easier to enforce hardware security key requirements across managed devices Thunderbird security advisories.
One-click Thundermail setup
Thunderbird 152 adds native one-click account setup for Thundermail accounts. Thundermail is Mozilla’s paid email-subscription service; the new setup flow reduces sign-up friction for users who want to try it inside Thunderbird official Thunderbird 152 release notes.
Thunderbird 152 Hardens Gmail OAuth And En: Where did the bugs go?
Thunderbird 152 ships with a long list of threading, IMAP, NNTP, EWS, and MIME fixes. The most visible ones include:
– Spam messages no longer trigger new-mail notifications before they reach the Spam folder
– New-mail alerts stay on the correct monitor in three-display setups
– Messages nested past 255 levels no longer vanish from threading view
– Deleting a thread member and undoing the action no longer corrupts the view
– EWS-over-IMAP habits: Thunderbird now hard-deletes EWS folders instead of sending them to Trash
– Calendar event handling now distinguishes single occurrences from series events Thunderbird security advisories
Security fixes for Thunderbird 152 are tracked separately through Mozilla’s official known-vulnerabilities page Mozilla Security Advisories.
Is this worth updating now?
If you use Gmail and rely on enterprise policies, the PKCE and SecurityDevices changes are non-negotiable. Casual users can still benefit from the threading and notification bug fixes, but there is no must-have consumer feature in this release Thunderbird 152 release notes.
Bottom line: Thunderbird 152 is a maintenance and security release. Update it if you use Gmail OAuth or manage Thunderbird through enterprise policies; otherwise, it is a standard patch cycle.
