Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to potentially compromise a user's system.

1) An array indexing error when processing floating point numbers can be exploited to potentially execute arbitrary code via e.g. a specially crafted iCalendar file processed by the Lightning add-on or a specially crafted web page viewed through the ThunderBrowse add-on.

This is related to vulnerability #1 in:
SA36711

2) An error when joined to an Active Directory server on Vista or Windows 7 can be exploited to cause a crash or potentially execute arbitrary code if SSPI authentication is used.

3) An error when indexing certain messages with attachments can be exploited to cause a crash or potentially execute arbitrary code.

4) An unspecified error in the JavaScript engine can be exploited to cause a crash or potentially execute arbitrary code.

5) An error in the BinHex decoder when used on non-Mac platforms can be exploited to cause a crash or potentially execute arbitrary code.

Vulnerabilities #4 and #5 are related to vulnerability #1 in:
SA36671

6) A use-after-free error in the implementation of the XUL tree element can be exploited to potentially execute arbitrary code.

This is related to vulnerability #3 in:
SA36671

7) An error when downloading files can be exploited to potentially trick a user into running an executable file.

This is related to vulnerability #8 in:
SA36711

8) An error in the implementation of the NTLM authentication protocol can be exploited to reflect the user's NTLM credentials to an arbitrary application.

This is related to vulnerability #5 in:
SA37699

The vulnerabilities are reported in versions prior to 2.0.0.24.

Solution
Update to version 2.0.0.24.

Provided and/or discovered by
1) Maksymilian Arciemowicz and sp3x

The vendor also credits:
2) Paul Fisher
3) Ludovic Hirlimann
4) Carsten Book
5) Josh Soref
6) an anonymous person, reported via ZDI
7) Jesse Ruderman and Sid Stamm
8) Takehiro Takahashi of IBM X-Force

Changelog
Further details available in Customer Area

Original Advisory
Mozilla:
http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
http://www.mozilla.org/security/announce/2009/mfsa2009-68.html
http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

SecurityReason:
http://securityreason.com/achievement_securityalert/78

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area