Mozilla Messaging released a security update to all versions of Thunderbird 10 on February 16, 2012. The Thunderbird 10.0.2 security release addresses a bug in the lipng reference library which could cause an integer overflow or truncation. This in turn could be exploited and could result in execution of arbitrary code on a victim’s system when viewing a specially crafted PNG image in an affected mail client. More info here.
Users can update via Help > About Thunderbird or manually update and install from getthunderbird.com