Mozilla releases to address CVE-2011-3026

Daniel Veditz

3

Issue

The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.

Impact to users

This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.

Status

Mozilla is aware of this bug and has issued a fix that will be released today for Firefox and Thunderbird.

Credit

The bug was reported by RedHat representatives

3 responses

  1. Pam wrote on :

    i was getting a 10.0.2 error today. One day I did aan update. Do you think I have a bug? I did go in and uninstalled Mozilla Firefox. Should I do any thig else

  2. Daniel Veditz wrote on :

    Pam: There are many different answers to your question depending on specific details of what happened to you. I urge you to visit https://support.mozilla.com/ which is much better set up to help you than we can here in a blog format.

  3. morris wrote on :

    i have tried several times on updating my mozilla so as to sort the issue of errors in my PC but after one week i receive an error in the updated version. please see what you will do to stop these errors occuring oftenly. thankyou.