Lucene search

K
threatpostDennis FisherTHREATPOST:5ABA4DDB709C933D01DC2E11880B1AFB
HistoryFeb 17, 2012 - 6:43 p.m.

Mozilla to Fix Libpng Bug in Firefox and Thunderbird

2012-02-1718:43:07
Dennis Fisher
threatpost.com
21

0.832 High

EPSS

Percentile

98.1%

Thunderbird Firefox patchMozilla is preparing to release a fix for a serious vulnerability in both Firefox and Thunderbird that could result in remote code execution. The update comes just a few days after the company released version 10.0.1 of Firefox, fixing a separate security bug.

The new update for Firefox and Thunderbird will repair a known bug in libpng that also was fixed earlier this week in Google Chrome. Mozilla plans to push out the fix for the vulnerability later today.

“The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages,” Mozilla said in its advisory.

“This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.”

Firefox users will be able to get the update through the automatic update mechanism in the browser.

0.832 High

EPSS

Percentile

98.1%

Related for THREATPOST:5ABA4DDB709C933D01DC2E11880B1AFB