: K-Meleon Forum
You can talk about issues with k-meleon here.
[quote=guenter] On Friday, March 16, 2012 5:12 AM [b]Doon[/b] wrote to undisclosed recipients. [quote=Doon] If I were to post a security alert in the forum today, to force public awareness, I would post the following: (btw, the securelist and bugzilla links are worth reading) February 16, 2012 - "The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages. This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image." Advisories: http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/ http://www.securelist.com/en/advisories/48026 Technical details: https://bugzilla.mozilla.org/show_bug.cgi?id=727401 http://www.libpng.org/pub/png/libpng.html [/quote] Some days before that, Tuesday, March 13, 2012 10:02 AM, Doon had submitted a detailed bug description which pointed to a way for a fix. The problem files were patched BTW replaced with code files from Firefox 3.6.27/3.6.28. Unpacked code Tarball: C:/Mozilla-1.9.2/modules/libimg/png/... The resulting compiled files were tested by Doon, JamesD... Win98, Win7/32bit, XPSP3. This fix is not official! You can however download the fixed files from: http://dhost.info/kmeleonskins/imglib2_1.5.4/imglib2.dll That file is for GRE 1.8.x = K-Meleon 1.5.4! http://dhost.info/kmeleonskins/imglib2_1.6/imglib2.dll That file is for GRE 1.9.1.x = K-Meleon 1.6.betas! The files are provided without any warranties that they are fit for use or anything else under K-Meleon's customary GNU license & under the following additional conditions. Before use. You must backup Your ./components/imglib2.dll in case the one downloaded is not compatible. After download. You must virus scan the downloaded file with Your own updated anti virus software. Before first use. You must delete Your ./components/compreg.dat and xpti.dat. In rare cases keeping the old files has caused a crash. K-Meleon will write these 2 files new with updated info every time they are deleted.[/quote]
K-Meleon forum is powered by