thunderbird is vulnerable to phishing attacks. The vulnerability exists as it is possible to spoof the sender’s email address and display an arbitrary sender address to the email recipient. The real sender’s address is not displayed if preceded by a null character in the display string.