Mozilla Foundation Security Advisory 2012-11

Title: libpng integer overflow
Impact: Critical
Announced: February 16, 2012
Reporter:
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 10.0.2
  Firefox ESR 10.0.2
  Firefox 3.6.27
  Thunderbird 10.0.2
  Thunderbird ESR 10.0.2
  Thunderbird 3.1.19
  SeaMonkey 2.7.2

Description

An integer overflow in the libpng library can lead to a heap buffer overflow when decompressing certain PNG images. This leads to a crash that is potentially exploitable.
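The bug class described above, as an added illustration that is not libpng or Mozilla code: the advisory does not say which computation overflows, so this sketch assumes a decoder that sizes its output buffer as kept prefix bytes plus decompressed bytes plus one terminator. The function names, the size cap and the sample lengths are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical decoder helpers (assumption, not libpng code): the output
 * buffer holds `prefix` bytes kept from the chunk, `expanded` decompressed
 * bytes, and one terminator byte. */

/* Unchecked form: size_t arithmetic wraps silently, so a huge `expanded`
 * yields a tiny total and therefore an undersized heap allocation. */
size_t unchecked_total(size_t prefix, size_t expanded)
{
    return prefix + expanded + 1;
}

/* Checked form: reject any combination whose sum does not fit in size_t. */
bool checked_total(size_t prefix, size_t expanded, size_t *total)
{
    if (prefix > SIZE_MAX - 1 || expanded > SIZE_MAX - 1 - prefix)
        return false;
    *total = prefix + expanded + 1;
    return true;
}

/* Allocate only when the size is representable and within a policy cap
 * chosen by the caller. Returns NULL when the request is rejected. */
unsigned char *alloc_output(size_t prefix, size_t expanded, size_t cap,
                            size_t *total)
{
    if (!checked_total(prefix, expanded, total) || *total > cap)
        return NULL;
    return malloc(*total);
}

int main(void)
{
    size_t total = 0;
    size_t huge = SIZE_MAX - 8;   /* constructed oversized declared length */

    /* The wrapped size is far smaller than the data that would be written. */
    printf("unchecked total: %zu\n", unchecked_total(16, huge));

    unsigned char *p = alloc_output(16, huge, 1u << 26, &total);
    printf("checked path: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```
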
