From MFSA 2008-37: Justin Schuh and Tom Cross of the IBM X-Force and Peter Williams of IBM Watson Labs reported errors in Mozilla URL parsing routines. These errors could be exploited using a specially crafted UTF-8 URL in a hyperlink which could overflow a stack buffer and allow an attacker to execute arbitrary code.
This is now public
thunderbird-2.0.0.18-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-2.0.0.18-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via: Red Hat Enterprise Linux version 2.1 (RHSA-2008:0882) Red Hat Enterprise Linux version 3 (RHSA-2008:0882) Red Hat Enterprise Linux version 4 (RHSA-2008:0882) Red Hat Enterprise Linux version 4 (RHSA-2008:0908) Red Hat Enterprise Linux Desktop version 5 (RHSA-2008:0908) RHEL Optional Productivity Applications version 5 (RHSA-2008:0908)