RealTime IT News

Mozilla Releases Firefox 10.0.2 for png Flaw

firefoxFrom the 'Be Careful What you Click' files:

At the end of last week, Mozilla released Firefox 10.0.1, which fixed a single flaw. Now here we are at the end of a new week, and there is another release with Firefox 10.0.2.

This time the flaw is one that I'm familiar with - as it was patched by Google in Chrome 17, just slightly ahead of the Firefox 10.0.2 update.

The actual flaw is a vulnerability in the libpng graphics library that many open source tools (including browsers) use. It's an integer overflow flaw that could have some serious consequences.

"An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages," Mozilla warned in its advisory.

According to Mozilla, they were alerted about the flaw by Red Hat.

In any event, make sure you update, this is a flaw looks relatively easy to me to exploit and thanks to the quick actions of Google and Mozilla - now trivially easy to protect against too.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.

Comment and Contribute