thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
secunia.com/advisories/42867
support.avaya.com/css/P8/documents/100114250
support.avaya.com/css/P8/documents/100120156
www.debian.org/security/2010/dsa-2124
www.mandriva.com/security/advisories?name=MDVSA-2010:210
www.mandriva.com/security/advisories?name=MDVSA-2010:211
www.mozilla.org/security/announce/2010/mfsa2010-64.html
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0780.html
www.redhat.com/support/errata/RHSA-2010-0781.html
www.redhat.com/support/errata/RHSA-2010-0782.html
www.redhat.com/support/errata/RHSA-2010-0861.html
www.redhat.com/support/errata/RHSA-2010-0896.html
www.securityfocus.com/bid/44243
www.ubuntu.com/usn/USN-997-1
www.ubuntu.com/usn/USN-998-1
www.vupen.com/english/advisories/2011/0061
access.redhat.com/errata/RHSA-2010:0780
bugzilla.mozilla.org/show_bug.cgi?id=509075
bugzilla.mozilla.org/show_bug.cgi?id=559344
bugzilla.mozilla.org/show_bug.cgi?id=566141
bugzilla.mozilla.org/show_bug.cgi?id=568073
bugzilla.mozilla.org/show_bug.cgi?id=568303
bugzilla.mozilla.org/show_bug.cgi?id=580151
bugzilla.mozilla.org/show_bug.cgi?id=583957
bugzilla.mozilla.org/show_bug.cgi?id=594760
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12132