Well according to a slashdot article there is a vulnerability in Mozilla and Thunderbird that takes advantage of a buffer overflow exploit. This is quite similar to the jpeg parsing vulnerability in windows that was revealed recently.
Luckily if you have updated Mozilla, Firefox and Thunderbird. If you havent head over here and get the updates.
As for the windows vulnerabilites, patches are available on windowsupdate.com