thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.
lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
secunia.com/advisories/34137
secunia.com/advisories/34140
secunia.com/advisories/34145
secunia.com/advisories/34272
secunia.com/advisories/34324
secunia.com/advisories/34383
secunia.com/advisories/34387
secunia.com/advisories/34417
secunia.com/advisories/34462
secunia.com/advisories/34464
secunia.com/advisories/34527
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
support.avaya.com/elmodocs2/security/ASA-2009-069.htm
support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
www.debian.org/security/2009/dsa-1751
www.debian.org/security/2009/dsa-1830
www.mandriva.com/security/advisories?name=MDVSA-2009:075
www.mandriva.com/security/advisories?name=MDVSA-2009:083
www.mozilla.org/security/announce/2009/mfsa2009-07.html
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2009-0258.html
www.redhat.com/support/errata/RHSA-2009-0315.html
www.redhat.com/support/errata/RHSA-2009-0325.html
www.securityfocus.com/bid/33990
www.securitytracker.com/id?1021795
www.vupen.com/english/advisories/2009/0632
access.redhat.com/errata/RHSA-2009:0258
bugzilla.mozilla.org/show_bug.cgi?id=473709
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11138
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5947
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6057
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6121
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6945
usn.ubuntu.com/741-1/
www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html