Mozilla on Thursday shipped a minor update of its e-mail client, Thunderbird 2, version 220.127.116.11, that among other things fixes a couple of security holes.
Both are ranked as "moderate," instead of "critical" or "high." Additionally, there have been no exploits "in the wild," or even proof-of-concept code that I'm aware of at this time.
Mozilla says its moderate rating is reserved for "vulnerabilities that would otherwise be high or critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps."
That said, one of them was rated critical when it was fixed in Firefox two weeks ago. So while it's unlikely to bite you, it's still probably a good idea to get Thunderbird 18.104.22.168, which is available along with more info about what's in the update at Mozilla's site.