thunderbird: fix affected versions for CVE-2018-5146

according to https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/ ,
CVE-2018-5146 has been fixed in thunderbird 52.7.0 (and CVE-2018-5147
affects Android platforms as per it's description).
Add link to the thunderbird security advisory MFSA 2018-09, as this has
the info for thunderbird.