thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html
secunia.com/advisories/45002
support.avaya.com/css/P8/documents/100144854
support.avaya.com/css/P8/documents/100145333
www.mandriva.com/security/advisories?name=MDVSA-2011:111
www.mozilla.org/security/announce/2011/mfsa2011-19.html
www.redhat.com/support/errata/RHSA-2011-0885.html
www.redhat.com/support/errata/RHSA-2011-0886.html
www.redhat.com/support/errata/RHSA-2011-0887.html
www.redhat.com/support/errata/RHSA-2011-0888.html
www.ubuntu.com/usn/USN-1149-1
access.redhat.com/errata/RHSA-2011:0886
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=651990
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13318