Issue

The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.

Impact to users

This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.

Status

Mozilla is aware of this bug and has issued a fix that will be released today for Firefox and Thunderbird.

Credit

The bug was reported by RedHat representatives