Issue
The libpng
graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.
Impact to users
This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.
Status
Mozilla is aware of this bug and has issued a fix that will be released today for Firefox and Thunderbird.
Credit
The bug was reported by RedHat representatives
Pam wrote on
Daniel Veditz wrote on
morris wrote on