This article was written for Thunderbird but also applies to Mozilla Suite / SeaMonkey (though some menu sequences may differ).
You can create a new account by pressing the Add Mail Account button in Tools -> Account Settings -> Account Actions. All you need to know is your email address and password, it will configure the account settings for you. It defaults to a IMAP account but you can tell it to use a POP account instead using a radio button. If you don't want it to automatically configure your account press the "Manual Config" button in the second screen of "Mail Account Setup".
After you create the POP/IMAP account in Thunderbird enable using the POP or IMAP server with your account by:
If you're using the same Gmail POP account with multiple email clients you need to enable recent mode in order to let each email client access all of the messages in that account. You can do that by replacing email@example.com with recent:firstname.lastname@example.org as the username in Tools -> Account Settings -> Server Settings.
Using OAuth2 for "secure authentication" will popup a window for your password using your systems default browser. It requires cookies to be enabled for google.com. Cookies are normally enabled by default (Tools -> Privacy -> Accept cookies from web site is checked, and "Keep until" is set to "until they expire"). OAuth2 creates a token that will be used as if it was a stored password, by the password wizard. You can use a normal password instead for "secure authentication". However, unless you log into https://www.google.com/settings/security/lesssecureapps using a browser and select Allow to let less secure apps access your Google account Gmail may return an error when you try to login if you haven't had the Gmail account for at least 90 days. They have changed the error message several times. Currently it should look something like: "Sending of password for user XYZ did not succeed. Mail server pop.gmail.com responded: Web login required: https://support.google.com/mail/answer/78754%22. 
Using a password is just as secure as OAuth2, except for the possibility for somebody who can access your PC to use Tools -> Options -> Security -> Passwords -> Saved Passwords to view your saved password. This is really just an attempt to increase use of OAuth2, which supports their business plan by supporting logging into third party web sites such as Facebook or Twitter without exposing the users password. After a while some other email providers such as Yahoo have started doing the same thing to encourage people to use their apps or webmail (instead of a 3rd party email client).
The account wizard might use googlemail.com instead of gmail.com in the server names. They are equivalent. Gmail was rebranded as Google Mail in Germany, Austria and the United Kingdom. Since 2012 Gmail is branded Gmail in germany
If you use the Gmail SMTP server with a different account it will replace the From: address with your Gmail accounts email address unless you add the email address in the Gmail web page at Setting -> Accounts -> "Add another email address"
Some users are reluctant to use Gmail because it has a reputation for scanning your mail in order to display personalized advertisements. According to this article that practice stopped 2017.
Set tools -> account settings -> server settings -> advanced -> IMAP server directory to [Gmail] to fix problems with how it lists folders in the folder pane.
Don't configure Thunderbird to save a copy of any messages you send in tools -> account settings -> copies & folders. Gmail's SMTP server automatically saves a copy of any message you send in the Sent Items folder for you.
The SMTP server also supports using port 465 with SSL/TLS. 
Subscriptions control whether an IMAP folder is visible in the folder pane (and any lists of folders). If it is cluttered with folders you don't normally use, you might want to hide some by unsubscribing them. You won't be notified of new mail in unsubscribed folders.
You can subscribe or unsubscribe a folder by:
You can also use the Subscribe and Unsubscribe buttons in that menu. If View -> Folders is set to Unified instead of All, right click on the accounts name underneath the (unified) inbox at the top of the folder pane since that view displays the inbox folder differently.
Gmail IMAP accounts have a All Mail folder which tracks every message. This is an artifact of how Gmail implemented labels, not a Thunderbird quirk. That folder is also used as the archive folder.
Tools -> Account Settings -> Gmail -> Synchronization & Storage -> Advanced is configured to keep a local copy of all IMAP folders on your hard disk. From a performance point of view you may wish to unsubscribe All Mail. (Note: Prior to version 17, being subscribed to All Mail folder doubles the amount of disk space used by Thunderbird to store your Gmail account ,and may cause some problems. Nowever, starting with version 17, with fixed bug 721316 only ONE copy of every newly downloaded message is kept on disk, so there is no need to unsubcribe from a storage point of view.) The safe way to unsubscribe and free the related disk space is:
If you have multiple Gmail IMAP accounts some of the directories will have a numeric prefix such as imap.gmail-1.com. Look at the "Local Directory" setting at the bottom of the Tools -> Account Settings -> account_name -> Server Settings (by the browse button) to find the name of that account's directory.
Suddenly can not login in anymore
Gmail routinely blocks logging into a POP account so that they can show you a message. You need to login to webmail using a browser to clear it . Sometimes you can't log in because Gmail thought something suspicious happened, and set a captcha. Thunderbird has no concept of a captcha, you need to login to webmail using a browser to clear it. Similar problems can appear if you use a VPN due to Gmail detecting that your IP address is from a location far from where you normally log in. This can cause security exceptions, and force you to periodically login to google to tell them that the remote login was you.
If you get a popup later on that you have to sign in to the Google account again, and then a "cookies disabled" web page you need to either enable cookies in Tools -> Options -> Privacy -> Web Content or add an exception for Google. 
There have been several reports of a working Gmail IMAP account breaking (can't login anymore) due to the allow less secure apps setting changing to disabled. Its not clear why this occurs, but its not something that Thunderbird can change. 
Less Secure Apps
Google is trying to push email clients to either use two factor authentication or OAuth2, rather than simply logging in with POP/IMAP/SMTP using your username/password. They are doing this by gradually increasing the number of times they prevent a email client from logging in with a password, claiming they did that because the email client was not secure enough. This is not limited to Thunderbird, it occurs with almost any email client. It has nothing to do with whether the email client is using the latest version of SSL/TLS or Perfect Forward Secrecy, its strictly an authentication issue. If you run into this your Gmail account may either appear to hang, you get some type of ΓÇ£Password incorrectΓÇ¥ error or you get a error message roughly like:
We recently blocked a sign-in attempt to your Google Account [XXXX@gmail.com]. If this was you you can switch to an app made by Google such as Gmail to access your account (recommended) or change your settings at https://www.google.com/settings/security/lesssecureapps so that your account is no longer protected by modern security standards. To learn more, see https://support.google.com/accounts/answer/6009563
If you keep using the same TCP-IP address for your PC/laptop you are usually okay. If you run into this problem log into https://www.google.com/settings/security/lesssecureapps using a browser and select ΓÇ£AllowΓÇ¥ to let less secure apps access your Google account. 
Why does Google call Thunderbird ΓÇ£less secureΓÇ¥? has some useful comments such as "OAuth is more secure because it only need to decrypt the keyring (i.e. passwords in plain text) for the very short duration while you authorize the mail agent, this is true whether you do the authentication in browser or if the mail software itself supports inbuilt OAuth authorization." Bypassing Googles two factor authentication and Google-jacking: A review of Google's 2-Factor Authentication discusses some of the risks of how they implemented two factor authentication.
Gmail added a so-called confidential mode to Gmail webmail. It does not use end to end encryption, so Google can still read the contents. It does not use standard email protocols to deliver the message. In a sense the message is never actually delivered. Its stored on Googles servers and you have to read the message in a browser. If you receive one of these messages in Thunderbird the message body will have a "view your message" link that you have to click on, which will open the message in a browser. There is a optional SMS feature that would require recipients to provide a cell phone number in order to get a SMS passcode. You can also set a expiration date for the message. That doesn't mean it ceases to exist, just that you can't read it anymore.
This is reminiscent of email tracking services that have a message load a remote image from their web server that is too tiny for the user to notice it, to track whether the message was read.
Normally Thunderbird can display a paper clip if there is a external attachment and use MIME Parts On Demand settings to manage whether attachments get loaded (if you don't open them). None of this applies for confidential mode since Thunderbird only sees the message with a link.
See how the new confidential mode works in gmail and Between You, Me, and Google: problems with Googles confidential mode for more information.
Troubleshooting and Gmail quirks
Gmail treats POP and IMAP messages individually and not as a threaded conversation.
The IMAP folders correspond to the labels in Gmail's webmail. IMAP folder hierarchy is represented by "/" in Gmail's label. e.g. IMAP subfolder XYZ under ABC is mapped to label of ABC/XYZ(maximum length=40 bytes). However, mapping of IMAP folder to Gmail's folder or label at Web interface is special on some special folders.
=> Gmail's folder of All Mail, Drafts, Sent mail, Spam, Starred, Trash.
=> Gmail's label of [Gmail]/XYZ.
=> Gmail's label of [Imap]/Drafts, [Imap]/Sent, [Imap]/Trash.
If you look at the All Mail folder([Gmail]/All Mail of IMAP) using Gmails webmail it will label any IMAP messages with the name of the folder. If you delete a message in Thunderbird it simply removes that folder's label from the message. Compacting the folder doesn't remove the message from the All Mail folder([Gmail]/All Mail of IMAP). You need to move it to the Trash or Spam folder([Gmail]/All Mail or [Gmail]/Spam of IMAP) to delete the message from all folders. It's not clear yet if this is also true for Message aging. Moving back of mail in [Gmail]/All Mail of IMAP to any IMAP mail folder(except [Gmail]/Spam) restores all Gmail's label.
A single copy of each message is stored in the account, and if the messages has multiple labels there are pointers to that copy, a change introduced in version 17.0.2 by bug 721316. (Prior to version 17.0.2 a copy of a message is stored for each label. That means if you assign two labels to a message and star it using Gmails webmail it has a copy in two folders named after the label, the All Mail folder, and the Starred folder.) If you copy a message to multiple remote folders (using Thunderbird) it will be marked with the corresponding labels when viewed using Gmail webmail.
If you move a message into the Spam folder, it is treated the same as if you had reported it in Gmail webmail using 'Report Spam'. See How do actions sync in IMAP? on Gmails web site for more information on how it maps things.
Gmail recommends that you do not use [Gmail]/Trash as your Trash folder since Gmail only keeps a single copy of a message with multiple labels. If you delete a message that way you're also telling it to delete the same message from any other folder (label) that has that message.  Gmail recommends not making Thunderbird move deleted mail into any folder and instead choose "Just mark it as deleted" from "When I delete a message" in Account Settings -> Server Settings.
Dots don't matter on Gmail addresses. If your address is email@example.com email sent to firstname.lastname@example.org, email@example.com, firstname.lastname@example.org etc. is sent to your mailbox. This is not just a quirk, it can be used as part of a phishing scam as companies that you give your credit card to usually don't take any precautions against your gmail email address not being unique. The danger is that we teach people about ΓÇ£phishingΓÇ¥ due to emails from dodgy email addresses, but we donΓÇÖt teach people anything about phishing due to emails to dodgy addresses.
Gmail imposes a bandwidth limit on the POP and IMAP servers. This is undocumented for free accounts. However, the G Suite (commercial version of Gmail) help states you can download up to 2500MB per day from a IMAP server, download 1250MB per day from a POP server, and upload 500MB per day to the IMAP server. These limits are lower than the corresponding limits for webmail. Gmail will silently fail if it reaches these limits. These limits apply to any email client (including Outlook and the OS X Mail app).
Gmail supports plus-addressing, a useful way to create a disposable email address. Let's say your email address is JohnSmith@gmail.com and you need to give the xyzzy website an email address. If you give them JohnSmithemail@example.com, it will still be delivered to your inbox, despite the To: header having an extra "+xyzzy". If somebody starts sending spam to that email address, you could create a message filter that tests for xyzzy in the To: header and automatically delete (or move to the Junk mail folder) those messages when checking for new mail. Some email systems violate RFC 2822 and won't send a message using plus addressing, but it is normally not a problem.
Gmail supports a way to periodically fetch email from up to five POP accounts and merge them into your inbox. The POP accounts could be provided by Gmail or another email provider. It works with Thunderbird, but you have to configure mail fetcherusing Gmail webmail.
Two step verification
The Google Account help advocates using two step authentication. That sends a code (a minimum of once a month but ideally every time you log in) to your cell phone that you need to enter when logging in using a browser. However applications such as email clients can't do that. If you configure two step verification you need to either use OAuth2 to authenticate or create an application specific password for Thunderbird that you use instead of the normal password. The application specific password doesn't change when a new code is sent to your cell phone. If you created a application specific password, you use it for a while, and later on its rejected, forcing you to create another one, try deleting all google cookies using Tools -> Options -> Privacy -> Show Cookies, exit and restart Thunderbird. 
Two step verification is not needed, and not recommended. Use a strong password, and don't use the same password with other email providers/web sites, instead. However, if you have another email account it is a good idea to set a recovery email address in case you ever forget/lose your password.
Gmail supports the CardDAV protocol (an address book client/server protocol designed to allow users to access and share contact data on a server). Currently the SoGo connector add-on is the best way to add CardDav support to Thunderbird. However, it has a reputation as being buggy and having poor support. There is a bug report requesting built-in support for CardDAV. The address book is being completely redesigned and will include support for multiple contact providers. Based on this blog post it looks like that will eventually include support for CardDAV. See this forum thread for information on other alternatives.
Gmail does not provide a LDAP server. LDAP is another protocol to access contact data. Thunderbird has built-in support for creating an address book that uses a LDAP server, but no support for modifying its contacts. You used to be able to use GCALDaemon to provide a the equivalent of a Gmail LDAP server, but it used the deprecated GData API, and doesn't work anymore.
Most people use the free version of Gmail. There is a commercial version of Gmail called G Suite. It used to be called "Google Apps for Your Domain". The main difference is that it has higher limits and is designed for companies that want to use their own domain in the email address. There is also another free version of Gmail called Inbox by Gmail that has a alternative user interface that has more of a focus on automatically classifying the content. Its available as a iOS or Android app or webmail (https://inbox.google.com/) . The app appears to be just another front end to a Gmail account, using the same mail servers.