thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html
secunia.com/advisories/45002
securityreason.com/securityalert/8472
support.avaya.com/css/P8/documents/100144854
support.avaya.com/css/P8/documents/100145333
www.debian.org/security/2011/dsa-2268
www.debian.org/security/2011/dsa-2269
www.debian.org/security/2011/dsa-2273
www.mandriva.com/security/advisories?name=MDVSA-2011:111
www.mozilla.org/security/announce/2011/mfsa2011-22.html
www.redhat.com/support/errata/RHSA-2011-0885.html
www.redhat.com/support/errata/RHSA-2011-0887.html
www.redhat.com/support/errata/RHSA-2011-0888.html
www.ubuntu.com/usn/USN-1149-1
access.redhat.com/errata/RHSA-2011:0888
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=664009
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13987