thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.
lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
secunia.com/advisories/34137
secunia.com/advisories/34140
secunia.com/advisories/34145
secunia.com/advisories/34272
secunia.com/advisories/34324
secunia.com/advisories/34383
secunia.com/advisories/34387
secunia.com/advisories/34417
secunia.com/advisories/34462
secunia.com/advisories/34464
secunia.com/advisories/34527
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
support.avaya.com/elmodocs2/security/ASA-2009-069.htm
support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
www.debian.org/security/2009/dsa-1751
www.debian.org/security/2009/dsa-1830
www.mandriva.com/security/advisories?name=MDVSA-2009:075
www.mandriva.com/security/advisories?name=MDVSA-2009:083
www.mozilla.org/security/announce/2009/mfsa2009-07.html
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2009-0258.html
www.redhat.com/support/errata/RHSA-2009-0315.html
www.redhat.com/support/errata/RHSA-2009-0325.html
www.securityfocus.com/bid/33990
www.securitytracker.com/id?1021795
www.vupen.com/english/advisories/2009/0632
access.redhat.com/errata/RHSA-2009:0258
bugzilla.mozilla.org/show_bug.cgi?id=475136
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5703
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5945
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6097
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6811
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9609
usn.ubuntu.com/741-1/
www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html