/>
X

Mozilla: Firefox can be hacked via booby-trapped images

For the second time in a week, Mozilla patches a "critical" vulnerability that could be remotely exploitable and can lead to arbitrary code execution.
ryan-naraine.jpg
Written by Ryan Naraine on

For the second time this week, Mozilla has rushed out a Firefox security update to fix a dangerous security vulnerability.

The latest vulnerability, which was discovered and reported by representatives from Red Hat, "could be attacked simply by displaying a maliciously crafted image."

The skinny from a Mozilla advisory:

The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.

This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.

[ SEE: Ten little things to secure your online presence ]

The open-source group shipped Firefox 10.0.2 to correct the flaw.  The fix is being distributed via the browser's silent update mechanism.

Earlier this week, Mozilla patched a separate flaw that could lead to drive-by download malware attacks if a user simply surfed to a booby-trapped web site.  Both browser updates are rated "critical," Mozilla's highest severity rating.

Related

A United Airlines pilot made a big speech to passengers. Not everyone will love it
screen-shot-2022-08-09-at-9-39-33-am.png

A United Airlines pilot made a big speech to passengers. Not everyone will love it

Business
Dear American Airlines customers, your pilot today is a United Airlines trainee
gettyimages-1155904758-american-airlines-dreamliner2.jpg

Dear American Airlines customers, your pilot today is a United Airlines trainee

Business
How to get Photoshop for free
photoshop free trial

How to get Photoshop for free

Photo & Video