I would say it's most unlikely. Cant figure out how that can be done. Your passwords in Thunderbird are encrypted and can not be read from outside TB When ever Thunderbird wants to check if there are new messages it will send a request to the mail-server, which will answer and ask for a password. This is then sent encrypted. The server acknowledge and download begins. At the end TB thanks the server and closes the connection. The password is not used again until next time TB checks for new arrivals. How often it will do that can be set in Account settings / server settings (The server thou, limits the number of calls/h.) All the time in between there are no communication and no open connections.

Your biggest risk when in Thunderbird is to open an attachment that's malicious or clicking on a false link.

The Thunderbird password is to prevent any that physically get their hands on your PC to run TB and there open and read the account-pws. If you loose it you have to enter all your account-pws again.

A strong firewall and a good Antivirus program is your best safeguard

Thank you for your answer!

I see. So unless someone else is behind my Mac by themselves I have nothing to fear regarding the password Thunderbird uses to open my email? That was really my biggest fear, that during the connection someone from outside could hack the connection due to site/cookies that are open in browser.

[Your biggest risk when in Thunderbird is to open an attachment that's malicious or clicking on a false link.] May I ask about this - you mean risk that something bad drops into my Mac, not that it steals the password? As if it needs to drop in, I have Avira and Malwarebytes manual scanner to find them.

Privacy basics info:

• http://kb.mozillazine.org/Privacy_basics_(Thunderbird)
• https://support.mozilla.org/en-US/kb/remote-content-in-messages

It is safer:

• not to allow remote content.
• do not auto use 'Display attachments inline'

Plain text mode strips all formatting, so is regarded as safest mode, but HTML is ok providing you follow basic guidlines.

Be wary of attachments. Be sure they really have come from the person who allegedly sent them as some nefarious people abuse other peoples email addresses trying to con you into opening the emails and attachments.

I've had some emails from a friends email address with attachments which try to mimic jpeg images but in reality these email had been sent by unknown person abusing friends email address and the attachment were really .exe files. Never open anything that is a .exe file. Usually, these emails just do not feel right. It doesn't 'sound' like the person who would normally write to you.

Hover over any links to see the real link shown in bottom Status Bar, before clicking on the link.

BTW... if you select an email in the list of messages and it displays in the lower Message Pane, then this is not a 'preview' as some people may think. Selecting to open in Message Pane, new tab or new window has the same result. The email was opened.

Thank you for replies!

- Don't click on unknown links - Have remote content disabled - And Thunderbird can be open and connect to mail server even when surfing with browser and no one can hack the connection

and no one can hack the connection

As long as you use a secure (i.e. encrypted) connection to the server. That's indicated by a little padlock at your account name in the folder pane.

If the connection isn't encrypted your password is sent in the clear, which is bad.

christ1 said

and no one can hack the connection

As long as you use a secure (i.e. encrypted) connection to the server. That's indicated by a little padlock at your account name in the folder pane.

If the connection isn't encrypted your password is sent in the clear, which is bad.

You mean this little lock? http://i.imgur.com/IMqDQW7.png

My outgoing server settings: http://i.imgur.com/JhI3qQk.png Security settings http://i.imgur.com/Wsmss5Y.png

It is the use of the term hack that makes me comment.

It is entirely possible if your computer security is por enough or you fall victim of social engineering phishing attack that malicious software can be installed on your computer. One of those things could be a keylogger that logs every keystroke you make.

With one of those things on a computer it is basically the same as if the remote person were sitting looking over your left shoulder all the time and writing down everything you do.

This link http://osxdaily.com/2012/10/10/remote-control-mac-screen-sharing-os-x/ discusses a useful feature of OSX, in the wrong hands however it is not useful but a security risk.

SO Thunderbird does it's best to secure your passwords while they are in motion over the internet, it also offers a master password Protect your Thunderbird passwords with a Primary Password

But the risks you face extend beyond what Thunderbird can do.

But without malicious software on your machine, I am unaware of any way a web site can interact with Thunderbird except by using the mailto: protocol. That is you click a send email button and the web page passes out the details into a Thunderbird compose window. This however does just what it says on the box and the risks of clicking on mailto links are very very small. I am not aware of any instance where they have been used maliciously.

Thank you for your reply!

I am very paranoid, coming from Windows, so all those sharing services in Mac are shut down and I have Avira for antivirus and Malwarebytes for occasional scanning.

I also try to install only very needed or well known apps.

I was afraid about the connection between TB and mail server because that's something I can't control or know much about. But your answer put my fears to rest again. Thank you.