thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
secunia.com/advisories/42867
support.avaya.com/css/P8/documents/100114250
support.avaya.com/css/P8/documents/100120156
www.debian.org/security/2010/dsa-2124
www.mandriva.com/security/advisories?name=MDVSA-2010:210
www.mandriva.com/security/advisories?name=MDVSA-2010:211
www.mozilla.org/security/announce/2010/mfsa2010-66.html
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0780.html
www.redhat.com/support/errata/RHSA-2010-0781.html
www.redhat.com/support/errata/RHSA-2010-0782.html
www.redhat.com/support/errata/RHSA-2010-0861.html
www.redhat.com/support/errata/RHSA-2010-0896.html
www.securityfocus.com/bid/44248
www.ubuntu.com/usn/USN-997-1
www.ubuntu.com/usn/USN-998-1
www.vupen.com/english/advisories/2011/0061
access.redhat.com/errata/RHSA-2010:0780
bugzilla.mozilla.org/show_bug.cgi?id=588929
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12158