Ubuntu Security Notice 2010-1 - Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. Jordi Chancel discovered that HTML select elements could display arbitrary content. If a user had scripting enabled, an attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks. Various other issues were also addressed.
0c6808080c7cedb8770ce4507d3e211181be6fbe5089acc561b682ec9cd4352d