Mozilla has released a minor update of its email client, Thunderbird 2, version 220.127.116.11, which among other things fixes a couple of security holes.
Both are ranked as ‘moderate’, instead of ‘critical’ or ‘high’. Additionally, there have been no exploits ‘in the wild’, or even proof-of-concept code.
Mozilla says its moderate rating is reserved for "vulnerabilities that would otherwise be high or critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps”.
That said, one of them was rated critical when it was fixed in Firefox two weeks ago. So while it's unlikely to bite you, it's still probably a good idea to get Thunderbird 18.104.22.168, which is available along with more info about what's in the update at Mozilla's site.