Security updates released by Mozilla this week for the Thunderbird email client address vulnerabilities that could be exploited to execute arbitrary code on impacted systems. Available as version 60.7.1, the latest Thunderbird iteration addresses only four vulnerabilities. An attacker capable of exploiting the most severe of these vulnerabilities could execute arbitrary code on the vulnerable machine, the Multi-State Information Sharing and Analysis Center (MS-ISAC), a division of the Center for Internet Security, reveals in an advisory shared with SecurityWeek. Normally these flaws cannot be exploited through email in Thunderbird, given that scripting is disabled when reading mail, but they could pose a risk in browser or browser-like contexts, the MS-ISAC advisory reveals. All Thunderbird versions prior to 60.7.1 are vulnerable, but there are no reports of these vulnerabilities being exploited in the wild. The MS-ISAC advisory also notes that the vulnerabilities pose a High risk to large and medium business and government entities, but only a Medium risk to small government and business entities.