Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow
High Nessus Plugin ID 58007
SynopsisThe remote Windows host contains a mail client that is potentially affected by an integer overflow vulnerability.
DescriptionThe installed version of Thunderbird 10.x is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability.
An integer overflow error exists in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.
SolutionUpgrade to Thunderbird 10.0.2 or later.