thunderbird/firefox is vulnerable to Same-Origin Policy bypass. It was found that Thunderbird could treat two separate cookies (for web content) as interchangeable if both were for the same domain name but one of those domain names had a trailing “.” character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain.
lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html
secunia.com/advisories/45002
support.avaya.com/css/P8/documents/100144854
support.avaya.com/css/P8/documents/100145333
www.debian.org/security/2011/dsa-2268
www.debian.org/security/2011/dsa-2269
www.debian.org/security/2011/dsa-2273
www.mandriva.com/security/advisories?name=MDVSA-2011:111
www.mozilla.org/security/announce/2011/mfsa2011-24.html
www.redhat.com/support/errata/RHSA-2011-0885.html
www.redhat.com/support/errata/RHSA-2011-0886.html
www.redhat.com/support/errata/RHSA-2011-0887.html
www.redhat.com/support/errata/RHSA-2011-0888.html
www.ubuntu.com/usn/USN-1149-1
access.redhat.com/errata/RHSA-2011:0886
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=616264
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13693