Lucene search

threatpostDennis FisherTHREATPOST:5ABA4DDB709C933D01DC2E11880B1AFB
HistoryFeb 17, 2012 - 6:43 p.m.

Mozilla to Fix Libpng Bug in Firefox and Thunderbird

Dennis Fisher

0.832 High




Thunderbird Firefox patchMozilla is preparing to release a fix for a serious vulnerability in both Firefox and Thunderbird that could result in remote code execution. The update comes just a few days after the company released version 10.0.1 of Firefox, fixing a separate security bug.

The new update for Firefox and Thunderbird will repair a known bug in libpng that also was fixed earlier this week in Google Chrome. Mozilla plans to push out the fix for the vulnerability later today.

β€œThe libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages,” Mozilla said in its advisory.

β€œThis bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.”

Firefox users will be able to get the update through the automatic update mechanism in the browser.