Updated thunderbird packages fix security vulnerabilities

Multiple vulnerabilies have been fixed in thunderbird. * JavaScript Execution via RSS in mailbox:// origin (CVE-2017-7846). * Local path string can be leaked from RSS feed (CVE-2017-7847). * RSS Feed vulnerable to new line Injection (CVE-2017-7848). * Mailsploit From address with encoded null character is cut off in message header display (CVE-2017-7829). Multiple vulnerabilies have been fixed in the bundled enigmail package. * An issue was discovered that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list (CVE-2017-17843). * A remote attacker can obtain cleartext content by sending an encrypted data block to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text (CVE-2017-17844). * An issue was discovered where Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp) (CVE-2017-17845). * An issue was discovered where regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings (CVE-2017-17846). * An issue was discovered that signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message (CVE-2017-17847). * In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed (CVE-2017-17848)