
Firefox 10.0.2 fixes libpng integer overflow bug - girishmony
http://www.browsomatic.com/2012/02/firefox-1002-fixes-libpng-integer.html
======
dalke
This looks like an ad-wrapper around the information from
[https://www.mozilla.org/security/announce/2012/mfsa2012-11.h...](https://www.mozilla.org/security/announce/2012/mfsa2012-11.html).

~~~
girishmony
Great invention! Why don't you appreciate the other information provided?

~~~
dalke
Invention? I fail to understand.

In any case, in your posting (I see that you wrote that info tidbit):

1) most of the page was advertisement. I don't mean only the various side-bar
and in-line ads, and massive numbers of links to other content from the same
site, but the text itself including things like "Attackers can exploit your PC
remotely" where "exploit" had a mouseover to an ad to "Watch TV live" and
"your PC" was an iPhone mouseover ad.

2) the information was wrong: there is no known exploit. The actual published
bug "allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors that trigger an integer
truncation". This may or may not be an exploit.

~~~
girishmony
Apologies for my early reply

Actually, the link mentioned in the post says this:

"An integer overflow in the libpng library can lead to a heap-buffer overflow
when decompressing certain PNG images. This leads to a crash, which may be
potentially exploitable."

"which may be potentially exploitable"

That's what is mentioned in the post.

Also check this:

[http://blog.mozilla.com/security/2012/02/17/mozilla-releases...](http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/)

Regarding mouseover ads, apologies for not providing a good reading
experience. Since the original link is in blue and the ad is in green, I
thought it was easily distinguishable. I will look into it.

Thanks for the comment :)

~~~
dalke
"May be potentially exploitable" is not the same as "can". Your article
several times says "can".

I hate reading spam-filled "news" sites, and would rather read the original
news, or insightful commentary. As this is "Hacker News", the commentary you
provided was not insightful to its expected audience.

