Thunderbird E-Mail Suffers Similar Security Problem As Firefox


A bug -- like the one disclosed Tuesday in the Linux edition of Firefox -- relates to how the software processes URLs. It was rated as "extremely critical" by a security vendor.



Mozilla Corp.'s Thunderbird e-mail client for Linux suffers from the same serious vulnerability as its Firefox browser, a security firm said Thursday. The difference: Thunderbird has not been patched.

Secunia, a Danish vulnerability tracking vendor, rated the bug -- which, like the one disclosed Tuesday in the Linux edition of Firefox, relates to how the software processes URLs -- as "Extremely critical," the company's most dire warning.

The bug is in Thunderbird's parsing of URLs supplied on the command line. It can be triggered if, for instance, a user is tricked into clicking on a "mailto:" link within a browser that uses Thunderbird as its default e-mail client (as Firefox does). Any Linux commands enclosed in backticks in the URL are executed.

Although the bug has been reported and, according to Bugzilla, Mozilla's software- and bug-management center, a fix is underway, there is as yet no official patch or updated version of Thunderbird.

Secunia's only recommendation was a terse "Do not use Thunderbird as the default mail handler."

Only the Linux/Unix version of Thunderbird is at risk.
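The backtick behaviour described above can be reproduced safely with a toy launcher. This is an added example, not Thunderbird's or Mozilla's code: `mail_client`, `launch_unsafe`, `launch_safe` and `url_is_clean` are hypothetical names, and the `eval`-based handoff is an assumed pattern chosen to show how a URL that gets re-parsed by a shell has its backticks executed, beside a handoff and a pre-check that avoid it.

```shell
#!/bin/sh
# Constructed sample input: a mailto: URL with a backtick-enclosed command.
# The embedded command only prints a marker string.
SAMPLE_URL='mailto:user@example.com?subject=`echo MARKER`'

# Hypothetical stand-in for the mail client: prints the argument it received.
mail_client() { printf '%s\n' "$1"; }

# Unsafe handoff (assumed pattern): the URL is spliced into a string that the
# shell parses a second time, so backticks become command substitution.
launch_unsafe() { eval "mail_client \"$1\""; }

# Safe handoff: the URL travels as one quoted argument and is never
# re-parsed as shell code.
launch_safe() { mail_client "$1"; }

# Defensive pre-check before handing a URL to any helper program:
# accept only the expected scheme and refuse characters that a shell
# treats specially inside double quotes, plus spaces.
url_is_clean() {
    case "$1" in
        mailto:*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *'`'*|*'$'*|*'"'*|*' '*) return 1 ;;
    esac
    return 0
}

# Demonstration on the constructed sample.
echo "unsafe: $(launch_unsafe "$SAMPLE_URL")"
echo "safe:   $(launch_safe "$SAMPLE_URL")"
if url_is_clean "$SAMPLE_URL"; then
    echo "check:  accepted"
else
    echo "check:  rejected"
fi
```

The unsafe launcher prints the URL with the marker substituted in, showing the embedded command ran; the safe launcher prints the URL byte for byte, and the pre-check rejects it.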

