
Mozilla Thunderbird is one of the most popular e-mail clients, with many users choosing it over Microsoft's product, Outlook Express. Besides its main function of sending and receiving e-mail messages, Thunderbird offers more functionality through its support for extensions, tiny programs that add more features to the application.
Today, Mozilla posted an advisory to say that the company discovered multiple vulnerabilities in the e-mail client that can allow an attacker to compromise an affected system.
Security company Secunia also released a security notice to inform users about the Thunderbird vulnerability, rating the flaw as highly critical.
"A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body.
A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow," Secunia said in the advisory.
"Georgi Guninski reported that long Content-Type headers in external message bodies could cause a heap buffer overflow when processing mail headers. While working on that code David Bienvenu discovered a similar overflow could occur when processing long rfc2047-encoded headers. Either overflow could be exploited to execute arbitrary code," Mozilla added.
The Firefox developer also mentioned that SeaMonkey 1.0.7 is vulnerable to these attacks, saying that the solution is to update to the latest versions of the affected applications. Secunia added to this statement that the affected versions of Thunderbird are 1.0.x and 1.5.x.
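For mail administrators who cannot update every client at once, the two conditions named in the advisories can be checked at the gateway. The following is an added example, not code from Mozilla, Secunia or this article: `scan_message` and `constructed_sample` are hypothetical names, the 998-character cut-off is an assumption (the advisories give no length), and the 75-character limit is the RFC 2047 maximum for one encoded-word.

```python
import re
from email import message_from_bytes

MAX_CONTENT_TYPE = 998  # assumed cut-off (RFC 5322 line-length limit)
MAX_ENCODED_WORD = 75   # RFC 2047 limit for a single encoded-word
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[BbQq]\?[^?\s]*\?=")

def scan_message(raw: bytes) -> list[str]:
    """Return findings for the two header conditions named in the advisories."""
    findings = []
    for part in message_from_bytes(raw).walk():
        # rfc2047-encoded headers: flag encoded-words longer than the RFC allows.
        for name, value in part.items():
            for word in ENCODED_WORD.findall(str(value)):
                if len(word) > MAX_ENCODED_WORD:
                    findings.append(f"long-encoded-word:{name}:{len(word)}")
        # External message body: the part's payload is itself a header block,
        # which the parser exposes as a nested message.
        if part.get_content_type() == "message/external-body":
            payload = part.get_payload()
            inner = payload[0] if isinstance(payload, list) and payload else None
            ctype = str(inner.get("Content-Type", "")) if inner is not None else ""
            if len(ctype) > MAX_CONTENT_TYPE:
                findings.append(f"long-external-content-type:{len(ctype)}")
    return findings

def constructed_sample(param_len: int, word_len: int) -> bytes:
    """Constructed test message; the address and names are placeholders."""
    lines = [
        "From: a@example.test",
        "Subject: =?UTF-8?B?" + "QUFB" * (word_len // 4) + "?=",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"',
        "",
        "--b1",
        'Content-Type: message/external-body; access-type=local-file; name="x"',
        "",
        'Content-Type: text/plain; x="' + "x" * param_len + '"',
        "",
        "--b1--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")

if __name__ == "__main__":
    print(scan_message(constructed_sample(2000, 200)))
```

A message that trips either rule is malformed or unusually large by the standards above and can be quarantined for review; a clean result does not replace installing the fixed versions.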
Mozilla Thunderbird and SeaMonkey were both tested by Softpedia and are available as a free download HERE and HERE.