thunderbird allows unsecured files. The vulnerability exists due to an issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document (for example, images or videos), were not blocked allowing an attacker to load maliciously crafted files into the system.