{"id":594,"date":"2012-02-17T09:18:58","date_gmt":"2012-02-17T16:18:58","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=594"},"modified":"2012-02-17T09:18:58","modified_gmt":"2012-02-17T16:18:58","slug":"mozilla-releases-to-address-cve-2011-3026","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/","title":{"rendered":"Mozilla releases to address CVE-2011-3026"},"content":{"rendered":"<div>\n<h3>Issue<\/h3>\n<\/div>\n<p>The <code>libpng<\/code> graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.<\/p>\n<h3>Impact to users<\/h3>\n<p>This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.<\/p>\n<h3>Status<\/h3>\n<p>Mozilla is aware of this bug and has issued a fix that will be released today for Firefox and Thunderbird.<\/p>\n<h3>Credit<\/h3>\n<p><strong><\/strong>The bug was reported by RedHat representatives<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Issue The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/\">Read more<\/a><\/p>\n","protected":false},"author":142,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mozilla releases to address CVE-2011-3026 - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Veditz\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/\",\"name\":\"Mozilla releases to address CVE-2011-3026 - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2012-02-17T16:18:58+00:00\",\"dateModified\":\"2012-02-17T16:18:58+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/04ad4267d6173c50c6a250887082f088\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mozilla releases to address CVE-2011-3026\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/04ad4267d6173c50c6a250887082f088\",\"name\":\"Daniel Veditz\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/f91fc8d11d145a8be6d59ec3e71ac970\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/da6b54ad3fdb36ba7656df9adfe65d12?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/da6b54ad3fdb36ba7656df9adfe65d12?s=96&d=identicon&r=g\",\"caption\":\"Daniel Veditz\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mozilla releases to address CVE-2011-3026 - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/","twitter_misc":{"Written by":"Daniel Veditz","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/","url":"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/","name":"Mozilla releases to address CVE-2011-3026 - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2012-02-17T16:18:58+00:00","dateModified":"2012-02-17T16:18:58+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/04ad4267d6173c50c6a250887082f088"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2012\/02\/17\/mozilla-releases-to-address-cve-2011-3026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Mozilla releases to address CVE-2011-3026"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/04ad4267d6173c50c6a250887082f088","name":"Daniel Veditz","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/f91fc8d11d145a8be6d59ec3e71ac970","url":"https:\/\/secure.gravatar.com\/avatar\/da6b54ad3fdb36ba7656df9adfe65d12?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/da6b54ad3fdb36ba7656df9adfe65d12?s=96&d=identicon&r=g","caption":"Daniel Veditz"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/594"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/142"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=594"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/594\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=594"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}