From MFSA 2008-46: Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.
thunderbird-2.0.0.18-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-2.0.0.18-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This vulnerability was resolved in Red Hat Enterprise Linux 4, 5, and Optional Productivity Applications version 5 via RHSA-2008:0908: https://rhn.redhat.com/errata/RHSA-2008-0908.html