Mozilla Thunderbird's WYSIWYG rendering engine insufficiently filters javascript scripts. It is possible to write javascript in the SRC attribute of the IFRAME tag. This leads to execution when the email is edited (for instance when replying to the email), even if javascript is disabled in the preferences. Versions 1.0.7 and below are affected.
b215a779092dd0caca33f471515297a08cca5d1ca016e757d5235e56f8590ec5
This tool can, under some conditions, calculate the exact time of a dns query made by someone, using TTL information cached on his ISP's nameservers.
397ca55e70fd272383102f3bb1e3eef0aecaffde8efee6c48e40cffcb5463c13