Yesterday Mozilla released Firefox 10.0.2 to fix a security issue, without disclosing at the time what it was. More details are now available: Mozilla noted on its security blog that yesterday's update fixes an integer overflow/truncation in the libpng graphics library used by Firefox. An attacker can exploit the bug by crafting malicious images and sending them to users via email or websites.

Mozilla Releases Update for Firefox to fix integer overflow bug in libpng

The stable version of Google Chrome, recently updated to 17.0.963.56, already has this bug fixed. Red Hat representatives reported the bug to Mozilla, and Mozilla issued the fix yesterday for Firefox and Thunderbird users.

Issue

The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.

Impact to users

This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.

Status

Mozilla is aware of this bug and has issued a fix that will be released today for Firefox and Thunderbird.

Source: Mozilla Security blog