http://www.mozilla.com/en-US/firefox/3.0.7/releasenotes/

Mozilla has released version 3.0.7 of Firefox.  This release fixes several issues found in the previous version.  These fixes include several security issues, 1 Critical.. 2 High.. 1 Moderate.. and 2 Low.  The most critical item fixed is the problem of a crash causing memory corruption.  This is a stability bug and there is concern that with effort on the bad guys part these crashes could be used to run arbitrary code.  This issue applies too Firefox, Thunderbird and SeaMonkey products.

According to Mozilla's Security Advisory MFSA2009-01

"Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images."

See http://www.mozilla.org/security/announce/2009/mfsa2009-01.html for more information.