thunderbird is vulnerable to arbitrary code execution. The vulnerability exists as an HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
www.mozilla.org/security/announce/2010/mfsa2010-34.html
www.redhat.com/security/updates/classification/#critical
access.redhat.com/errata/RHSA-2010:0545
bugzilla.mozilla.org/show_bug.cgi?id=507775
bugzilla.mozilla.org/show_bug.cgi?id=528644
bugzilla.mozilla.org/show_bug.cgi?id=529087
bugzilla.mozilla.org/show_bug.cgi?id=535926
bugzilla.mozilla.org/show_bug.cgi?id=559241
bugzilla.mozilla.org/show_bug.cgi?id=561539
bugzilla.mozilla.org/show_bug.cgi?id=564705
bugzilla.mozilla.org/show_bug.cgi?id=566136
bugzilla.mozilla.org/show_bug.cgi?id=567059
bugzilla.mozilla.org/show_bug.cgi?id=570657
bugzilla.mozilla.org/show_bug.cgi?id=574750
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11552