Vulnerability in libpng prompts Firefox and Thunderbird updates
The Mozilla Project has released updates to Firefox and Thunderbird. According to the release notes, the version 10.0.2 updates to the open source web browser and the news and email client address a security vulnerability. However, at the time of writing, the project's security pages provide no details of what has been fixed. These releases came soon after a Chrome update which closed 13 security holes and took the version number to 17.0.963.56.
One forum discussion suggests that one of the vulnerabilities closed in Chrome was also the reason for the "chemspill" Firefox and Thunderbird updates. An entry in that discussion refers to an integer overflow in libpng, the official PNG reference library. Firefox bug number 727401 is currently restricted and not publicly viewable on the Bugzilla system. It corresponds to a bug in the uncompressing of PNG files, for whose discovery Google paid Jüri Aedla $1,337. According to the comments in the Chromium code, the bug can cause an integer overflow or truncation.
It is currently unknown whether the vulnerability is being actively exploited in the wild and exactly what the risks are. All versions of libpng since 1.2.8 appear to be affected. According to an advisory from Secunia, exploitation could result in execution of arbitrary code on a victim's system when viewing a specially crafted PNG image in an affected browser.
(crve)