
Mozilla Fixes Critical Vulnerability in Thunderbird

by Chris Brook on Wednesday December 27, 2017


Mozilla fixed five vulnerabilities, including a critical buffer overflow, in version 52.5.2 of its email application Thunderbird last week.

Mozilla fixed a handful of issues in Thunderbird, its free email application, late last week, including a critical vulnerability that could have crashed programs running on Windows machines.

The critical bug stemmed from a buffer overflow that could have been triggered when drawing and validating elements using Windows’ Direct3D 9 graphics functionality with the ANGLE graphics library.

Thunderbird uses ANGLE, rather than OpenGL (a cross-language, cross-platform API), for WebGL rendering. According to Mozilla, an incorrect value can be passed within the library during checks, which can result in a potentially exploitable crash.

Mozilla fixed the bug last Friday, according to a security advisory. The same issue was also addressed in Firefox, Mozilla's flagship browser, earlier this month.

The company also fixed two high severity bugs: one (CVE-2017-7846) that made it possible to execute JavaScript in a parsed RSS feed, and another (CVE-2017-7847) that could have leaked sensitive data, such as usernames, via local path strings from an RSS feed.

Researchers with Cure53, a German cybersecurity firm that carries out penetration tests, discovered both RSS feed bugs, in addition to a less severe bug that could have opened RSS feeds up to line injection, something that could have modified messages, and reported them to Mozilla.

The security updates, the first Thunderbird has received in about a month, come just a few days after Mozilla said the mail application was planning to make some changes internally.

Ryan Sipes, Thunderbird's Community Manager, said last week that Thunderbird was hoping to "address some technical debt" and "fix some sore points in the software" in the new year. Furthermore, Sipes said Thunderbird will change its codebase from C++, JavaScript, XUL, and XPCOM to be mostly based upon web technologies.
