It has been discovered that the security controls / filters currently being used in Mozilla Thunderbird application can be easily evaded if an attacker decides to encrypt the payloads with base64 encryption and combine it with the <object> tag.
Go to Security Advisory here – http://www.vulnerability-lab.com/get_content.php?id=953