Mozilla to Fix Libpng Bug in Firefox and Thunderbird

Mozilla is preparing to release a fix for a serious vulnerability in both Firefox and Thunderbird that could result in remote code execution. The update comes just a few days after the company released version 10.0.1 of Firefox, fixing a separate security bug. 

Thunderbird Firefox patchMozilla is preparing to release a fix for a serious vulnerability in both Firefox and Thunderbird that could result in remote code execution. The update comes just a few days after the company released version 10.0.1 of Firefox, fixing a separate security bug. 

The new update for Firefox and Thunderbird will repair a known bug in libpng that also was fixed earlier this week in Google Chrome. Mozilla plans to push out the fix for the vulnerability later today.

“The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages,” Mozilla said in its advisory.

“This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.”

Firefox users will be able to get the update through the automatic update mechanism in the browser.

Suggested articles

Drupal.org Resets Passwords After Data Breach

The Drupal Association is urging all users of Drupal.org and groups.drupal.org to reset their passwords after discovering an intrusion that breached files holding usernames, e-mail addresses, countries and hashed passwords. Sites that run on Drupal do not appear to be impacted, though the organization stressed an ongoing forensic review may reveal more details and victims. […]