Mozilla: Firefox can be hacked via booby-trapped images

For the second time this week, Mozilla has rushed out a Firefox security update to fix a dangerous security vulnerability.

The latest vulnerability, which was discovered and reported by representatives from Red Hat, "could be attacked simply by displaying a maliciously crafted image."

The skinny from a Mozilla advisory:

The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.

This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.

[ SEE: Ten little things to secure your online presence ]

The open-source group shipped Firefox 10.0.2 to correct the flaw.  The fix is being distributed via the browser's silent update mechanism.

Earlier this week, Mozilla patched a separate flaw that could lead to drive-by download malware attacks if a user simply surfed to a booby-trapped web site.  Both browser updates are rated "critical," Mozilla's highest severity rating.