Mozilla yesterday released a new version of Thunderbird, 2.0.0.16, which fixes couple of security vulnerabilities, some of them even allowing remote code execution.

Full list of fixed vulnerabilities is available at http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.16

If you are running Thunderbird, make sure that you patched it.