Mozilla Thunderbird is vulnerable to cross site scripting (XSS) vulnerability. This affects an unknown functionality of the component RSS Feed Handler. Attackers can execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website.
www.securityfocus.com/bid/102258
www.securitytracker.com/id/1040123
access.redhat.com/errata/RHSA-2018:0061
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=1411716
lists.debian.org/debian-lts-announce/2017/12/msg00026.html
www.debian.org/security/2017/dsa-4075
www.mozilla.org/en-US/security/advisories/mfsa2017-30/
www.mozilla.org/security/advisories/mfsa2017-30/