The thread in which this sub-topic got started has been locked (for good reasons). But just to clarify, Mozilla Foundation has not stopped issuing for Thunderbird Security and Stability Updates. So Thunderbird continues to be a safe and secure email client.
What was stopped was new feature development. Details here:
http://news.softpedia.com/news/Mozilla-Stops-Thunderbird-Development-Will-Only-Get-Stability-and-Security-Fixes-279909.shtml
Last Version Update Release Notes here:
v.24.0, released: September 17, 2013
And last Security Update Release Notes here:
http://www.mozilla.org/en-US/thunderbird/24.4.0/releasenotes/
Sorry if any confusion has been caused by me relaying the End of Life announcement from 2012.
Regarding the Heartbleed Vulnerability, Mozilla Products, including Firefox and Thunderbird, use their own variation on SSL:
First candidate: Mozilla’s Network Security Services (NSS) library family, available under multiple license arrangements and with a fairly regular cycle of releases, the last debuting in mid-March 2014. Predictably, Mozilla’s own applications — Firefox, Mozilla Suite, Thunderbird — all use it, but so do a slew of well-known third-party applications: AOL Instant Messenger and many third-party clients for the service; OpenOffice.org 2.0; and numerous Red Hat server products such as Red Hat Directory Server and mod_nss for the Apache httpd Web server.
http://www.infoworld.com/t/encryption/after-heartbleed-4-openssl-alternatives-work-240304
Mid-March 2014 was the release date for Thunderbird 24.4.0. Upgrade if you haven’t done so already.
So Thunderbird was actually slightly ahead of the Heartbleed curve, it appears.
-- rc primak
