Security researcher Gustavo Grieco reported that on Linux Gnome
systems the dialog for choosing local files uses the operating system's
gdk-pixbuf
library to render thumbnails for image file types. This
library supports various image decoders, and Grieco reported that the Jasper and TGA
decoders were unmaintained and have several known vulnerabilities. Firefox has
disabled the use of those decoders in gdk-pixbuf
.
This issue only affects Linux systems running Gnome. Windows, OS X, and Android operating systems are unaffected.