Thunderbird 91, a new major version of the open source cross platform email and communication client, has been released.
Not too hard to find, but PDF.js ( same viewer that's used by default in Firefox ) was integrated in Thunderbird version 91 released August 2021, and wow that's a pretty busy bee of developers on Github.
Simply keeping Thunderbird updated, I have a hard time see where this actually could be dangerous enough and extra since I personal as a malware hunter very rarely stumbles over actual alive and still kicking in the wild genuine malicious pdf samples. The majority of those are phishing attacks. Phishing links normally have a very short time span where they are still active. Even a CVE search gives very little info:
PDF readers are vulnerable mainly because they support scripts. The simple ones, such as Sumatra, do not support scripts and are therefore quite secure. I don't think the thunderbird pdf reader is built to support scripts.