thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.
lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
rhn.redhat.com/errata/RHSA-2009-0256.html
secunia.com/advisories/33799
secunia.com/advisories/33802
secunia.com/advisories/33808
secunia.com/advisories/33809
secunia.com/advisories/33816
secunia.com/advisories/33831
secunia.com/advisories/33841
secunia.com/advisories/33846
secunia.com/advisories/33869
secunia.com/advisories/34324
secunia.com/advisories/34417
secunia.com/advisories/34462
secunia.com/advisories/34464
secunia.com/advisories/34527
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
support.avaya.com/elmodocs2/security/ASA-2009-040.htm
www.debian.org/security/2009/dsa-1830
www.mandriva.com/security/advisories?name=MDVSA-2009:044
www.mandriva.com/security/advisories?name=MDVSA-2009:083
www.mozilla.org/security/announce/2009/mfsa2009-01.html
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2009-0257.html
www.redhat.com/support/errata/RHSA-2009-0258.html
www.securityfocus.com/bid/33598
www.securitytracker.com/id?1021663
www.ubuntu.com/usn/usn-717-1
www.vupen.com/english/advisories/2009/0313
access.redhat.com/errata/RHSA-2009:0258
bugzilla.mozilla.org/show_bug.cgi?id=452913
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11193
www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html