The Thunderbird 2.x email client remains open to a key vulnerability that’s already been closed in Opera, Firefox and Chrome.

“The vulnerability allows attackers to overwrite arrays, and inject and execute arbitrary code, by including certain formatting characters,” according to The H Security. “The hole has been publicly known since last June and was rated extremely critical at least for the browsers.”

“Why the Mozilla Foundation is taking so long to release a new version of Thunderbird 2.x is an open question,” the article states. “It could be that the development of Thunderbird 3 has drawn off all available resources. As the new version of the e-mail client does not contain the flaw, users are advised to switch if they can.”

Click here to read the article at The H Security.