thunderbird is vulnerable to information disclosure. Encrypted S/MIME parts in a malicious multipart/alternative message can leak plaintext when included in a a HTML reply/forward.
lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
access.redhat.com/errata/RHSA-2019:2773
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=1571481
usn.ubuntu.com/4150-1/
www.mozilla.org/security/advisories/mfsa2019-29/
www.mozilla.org/security/advisories/mfsa2019-30/