One forum discussion suggests that one of these vulnerabilities was also the reason for the “chemspill” Firefox and Thunderbird updates. One forum entry refers to an integer overflow in libpng, the official PNG reference library. Firefox bug number 727401 is currently restricted and not publicly viewable on the Bugzilla system. It corresponds to a bug in the uncompressing of PNG files, for whose discovery Google paid Jüri Aedla $1,337. According to the comments in the Chromium code, the bug can cause an integer overflow or truncation.
It is currently unknown whether the vulnerability is being actively exploited in the wild and exactly what the risks are. All versions of libpng since 1.2.8 appear to be affected. According to an advisory from Secunia, exploitation could result in execution of arbitrary code on a victim’s system when viewing a specially crafted PNG image in an affected browser.