14 DAY TRIAL // A few days after it released Firefox 10.0.1 to address some major issues, Mozilla already made available the 10.0.2 variant of both the popular web browser and Thunderbird to resolve a vulnerability that exists in the libpng graphics library.
The libpng library contains an exploitable integer overflow bug that an attacker could leverage by crafting malicious images, which can be delivered to users via email or social networking sites.
“The vulnerability is caused due to an integer overflow error within the ‘png_decompress_chunk()’ function (pngrutil.c) when uncompressing certain chunks, which can be exploited to cause a heap-based buffer overflow,” Secunia informs.
By duping Firefox, Thunderbird and Seamonkey users into displaying a malicious .png image, a hacker could remotely execute a piece of arbitrary code.
Users are advised to immediately update to the latest variants to make sure their assets are protected against malicious operations.
Firefox for Windows is available for download here Firefox for Mac is available for download here Firefox for Linux is available for download here Firefox for Android is available for download here