Mozilla Thunderbird is vulnerable to access controls bypass. File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. Malicious sites could lure users into downloading executables that would otherwise be detected as suspicious.
www.securityfocus.com/bid/101059
www.securitytracker.com/id/1039465
access.redhat.com/errata/RHSA-2017:2831
access.redhat.com/errata/RHSA-2017:2885
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=1376036
lists.debian.org/debian-lts-announce/2017/11/msg00000.html
security.gentoo.org/glsa/201803-14
www.debian.org/security/2017/dsa-3987
www.debian.org/security/2017/dsa-4014
www.mozilla.org/en-US/security/advisories/mfsa2017-23/
www.mozilla.org/security/advisories/mfsa2017-21/
www.mozilla.org/security/advisories/mfsa2017-22/
www.mozilla.org/security/advisories/mfsa2017-23/