CVE-2008-0420 describes an information disclosure bug in the Mozilla products. It is possible that this flaw could be used by malicious web content to steal information about a users browsing session.
keep this embargoed until upstream makes it public.
This seems to be a public description of this issue: http://marc.info/?l=bugtraq&m=120318029812271&w=4
This is now public on the Mozilla site: http://www.mozilla.org/security/announce/2008/mfsa2008-07.html I'm opening the bug up to the public.
thunderbird-2.0.0.12-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-2.0.0.12-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.