Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow

High

Synopsis

The remote host has a mail client installed that is affected by an integer overflow vulnerability.

Description

Versions of Mozilla Thunderbird 10.x prior to 10.0.2 are affected by an integer overflow error in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.

Solution

Upgrade to Thunderbird 10.0.2 or later.