Mozilla is preparing to release a fix for a serious vulnerability in both Firefox and Thunderbird that could result in remote code execution. The update comes just a few days after the company released version 10.0.1 of Firefox, fixing a separate security bug.
The new update for Firefox and Thunderbird will repair a known bug in libpng that also was fixed earlier this week in Google Chrome. Mozilla plans to push out the fix for the vulnerability later today.
“The libpng
graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages,” Mozilla said in its advisory.
“This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.”
Firefox users will be able to get the update through the automatic update mechanism in the browser.