Security researcher Paul Bandha used the used the Address
Sanitizer tool to discover a use-after-free vulnerability when running specific
web content with IndexedDB
to create an index. This leads to a
potentially exploitable crash.
In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.