Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.
Reading mail in Thunderbird does not pose a risk to users, however the vulnerability is present and could be triggered in RSS feeds if JavaScript is enabled or by an add-on that enables browser-like functionality.