I have recently downloaded a tarball of Thunderbird, but certain things in it make me suspicious of whether someone has replaced it with a tampered version of Thunderbird.

Does anyone know the email address of the person who signs Mozilla software?

(I have a slow internet connection and downloading that thing takes an hour, and I am quite impatient.)

Thanks in advance,

The official download page is here:
http://www.mozilla.org/en-US/thunderbird/all.html

Why not use the version that is in the repos?

If you're concerned about downloading stuff, then don't. Use what's in the software center.

You should check the md5 sum (https://help.ubuntu.com/community/HowToMD5SUM/) of stuff you're downloading anyway.

If you're suspicious of the source, then why are you downloading it? Don't know what emailing the signer at Mozilla would give you- if you don't trust Mozilla then why would you trust someone you email at Mozilla?

Unfortunately, they have GPG signatures for their downloads. I want the address of the person who signs the packages so that I may get his pubkey and verify the tarball.

Unfortunately, they have GPG signatures for their downloads. I want the address of the person who signs the packages so that I may get his pubkey and verify the tarball.
Erm ok.

I guess you could look here:
http://support.mozilla.org/en-US/home

EDIT: What makes you think the tar is compromised? You never went into detail.

Take this to the Mozilla Project, it is not an issue for ubuntu