From MFSA 2008-44: Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol. The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.
This is now public
thunderbird-2.0.0.18-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-2.0.0.18-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via: Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0879 Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:0879 Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0882 Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:0882 Red Hat Enterprise Linux version 4 (RHSA-2008:0882) Red Hat Enterprise Linux version 4 (thunderbird) RHSA-2008:0908 Red Hat Enterprise Linux Desktop version 5 (thunderbird) RHSA-2008:0908 RHEL Optional Productivity Applications version 5 (thunderbird) RHSA-2008:0908