The following vulnerabilities were found and fixed in Mozilla Thunderbird:

• "moz_bug_r_a4" and "shutdown" discovered that Thunderbird was improperly cloning base objects (MFSA 2005-56).
• "moz_bug_r_a4" also reported that Thunderbird was overly trusting contents, allowing privilege escalation via property overrides (MFSA 2005-41, 2005-44), that it failed to validate XHTML DOM nodes properly (MFSA 2005-55), and that XBL scripts ran even when Javascript is disabled (MFSA 2005-46).
• "shutdown" discovered a possibly exploitable crash in InstallVersion.compareTo (MFSA 2005-50).
• Andreas Sandblad from Secunia reported that a child frame can call top.focus() even if the framing page comes from a different origin and has overridden the focus() routine (MFSA 2005-52).
• Georgi Guninski reported missing Install object instance checks in the native implementations of XPInstall-related JavaScript objects (MFSA 2005-40).
• Finally, Vladimir V. Perepelitsa discovered a memory disclosure bug in JavaScript's regular expression string replacement when using an anonymous function as the replacement argument (CAN-2005-0989 and MFSA 2005-33).