https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/ Security vulnerabilities fixed in Thunderbird 52.6 Announced January 25, 2018 Impact critical Products Thunderbird Fixed in Thunderbird 52.6 In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
I think the software is now long enough in the tree, so could we please start the stabilization process? The bin package has already stable keywords.
This issue was resolved and addressed in GLSA 201803-14 at https://security.gentoo.org/glsa/201803-14 by GLSA coordinator Aaron Bauman (b-man).