Mozilla said that the vulnerability lies in the way Thunderbird handles Mime content in email messages.
By sending a specially crafted message, an attacker could trigger a buffer overflow error which would leave the user vulnerable to the remote installation and launch of malware.
Discovery of the flaw was credited to a security researcher using the name 'regenrecht', who reported the vulnerability in January via iDefense.
The vulnerability is patched in Thunderbird 2.0.0.12 and SeaMonkey 1.1.8. The US Computer Emergency Response Team recommended that users update to the latest versions of both applications.
Users can also patch the flaw by changing the application's 'mailnews.display.disallow_mime_handlers' property to any value greater than three.
News of the vulnerability comes just one week after Mozilla spun off Thunderbird into a subsidiary company known as Mozilla Messaging.
_(33).jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Data & AI Edition
.png&w=120&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
iTnews State of Security Breakfast
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
_(1).jpg&h=140&w=231&c=1&s=0)
