Today, January 7, 2016, Mozilla has announced the immediate availability for download of the Mozilla Thunderbird 38.5.0 email, news and chat client for all supported platforms, including Microsoft Windows, Mac OS X, and GNU/Linux.
SHA-1 does still matter as Mozilla backtracks on support. However, don't expect the company to support SHA-1 for the long term.
According to the plan we published earlier for deprecating SHA-1, on January 1, 2016, Firefox 43 began rejecting new certificates signed with the SHA-1 digest algorithm. For Firefox users with unfiltered access to the Internet, this change probably went unnoticed, since there simply aren’t that many new SHA-1 certs being used. However, for Firefox users who are behind certain “man-in-the-middle” devices (including some security scanners and antivirus products), this change removed their ability to access HTTPS web sites. When a user tries to connect to an HTTPS site, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server’s real certificate. Since Firefox rejects new SHA-1 certificates, it can’t connect to the server.