In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.
When visiting directory listings for chrome://
URLs as source text, some parameters were reflected.