Changelog: from http://www.mozilla.org/en-US/thunderbird/10.0.12/releasenotes/
FIXED
Security fixes can be found here
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
Changelog:
FIXED Security fixes can be found here
Fixed in Thunderbird ESR 10.0.7
MFSA 2012-72 Web console eval capable of executing chrome-privileged code
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-67 Installer will launch incorrect executable following new installation
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
* Fix version number in ~/.thunderbird/*/prefs.js, s/10.0.6esrpre/10.0.6/
Originally reported by is@ on tech-pkg@.
Now firefox10-10.0.6 can be invoked from thunderbird10-10.0.6nb1.
