Mozilla Thunderbird 17.0.6 email application is vulnerable to critical validation and filter bypass vulnerability, enables an attacker to bypass the filter that prevents HTML tags from being used in messages. According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user’s machine. The malicious code can be triggered on the recipient’s machine, when one will ‘Reply’ or ‘Forward’ that message. The vulnerability resides in Mozilla’s Gecko engine.
Source: https://thehackernews.com/2014/01/mozilla-thunderbird-vulnerability.html