thunderbird is vulnerable to remote code execution. The vulnerability exists due to the lack of sanitization of the execution context which allows Javascript to be enabled in the composition area.
access.redhat.com/errata/RHSA-2021:5055
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=1742579
bugzilla.redhat.com/show_bug.cgi?id=2030137
lists.debian.org/debian-lts-announce/2022/01/msg00001.html
security.gentoo.org/glsa/202208-14
www.debian.org/security/2022/dsa-5034
www.mozilla.org/security/advisories/mfsa2021-54/