Mozilla: Firefox can be hacked via booby-trapped images

For the second time in a week, Mozilla patches a "critical" vulnerability that could be remotely exploitable and can lead to arbitrary code execution.

For the second time this week, Mozilla has rushed out a Firefox security update to fix a dangerous security vulnerability.

The latest vulnerability, which was discovered and reported by representatives from Red Hat, "could be attacked simply by displaying a maliciously crafted image."

The skinny from a Mozilla advisory:

follow Ryan Naraine on twitter

The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.

This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.

[ SEE: Ten little things to secure your online presence ]

The open-source group shipped Firefox 10.0.2 to correct the flaw.  The fix is being distributed via the browser's silent update mechanism.

Earlier this week, Mozilla patched a separate flaw that could lead to drive-by download malware attacks if a user simply surfed to a booby-trapped web site.  Both browser updates are rated "critical," Mozilla's highest severity rating.

Security | Cloud | Big Data Analytics | Innovation | Tech and Work | Collaboration
Show Comments

Related