The latest vulnerability, which was discovered and reported by representatives from Red Hat, "could be attacked simply by displaying a maliciously crafted image."
The skinny from a Mozilla advisory:
The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.
This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.
Earlier this week, Mozilla patched a separate flaw that could lead to drive-by download malware attacks if a user simply surfed to a booby-trapped web site. Both browser updates are rated "critical," Mozilla's highest severity rating.