Mozilla Thunderbird is vulnerable to arbitrary code execution. A type confusion due to memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 allows an attacker to execute arbitrary code in the host OS.
access.redhat.com/errata/RHSA-2019:0680
access.redhat.com/errata/RHSA-2019:0966
access.redhat.com/errata/RHSA-2019:1144
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203
www.mozilla.org/en-US/security/advisories/mfsa2019-11/
www.mozilla.org/en-US/security/advisories/mfsa2019-12/
www.mozilla.org/security/advisories/mfsa2019-07/
www.mozilla.org/security/advisories/mfsa2019-08/
www.mozilla.org/security/advisories/mfsa2019-11/