SECUNIA ADVISORY ID: SA33205
VERIFY ADVISORY: http://secunia.com/advisories/33205/
CRITICAL: Highly critical
IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access.

SOFTWARE: Mozilla Thunderbird 2.x - http://secunia.com/advisories/product/14070/
DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system. For more information: SA33184. The vulnerabilities are reported in version 2.0.0.18 and prior.

SOLUTION: Fixed in an upcoming 2.0.0.19 version. The vendor recommends disabling JavaScript until a fixed version is available.

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
http://www.mozilla.org/security/announce/2008/mfsa2008-61.html
http://www.mozilla.org/security/announce/2008/mfsa2008-64.html
http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
http://www.mozilla.org/security/announce/2008/mfsa2008-66.html
http://www.mozilla.org/security/announce/2008/mfsa2008-67.html
http://www.mozilla.org/security/announce/2008/mfsa2008-68.html

OTHER REFERENCES: SA33184: http://secunia.com/advisories/33184/