Critical Update to Firefox Mozilla Foundation Security Advisory 2023-40

Mozilla Foundation Security Advisory 2023-40

Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2

Announced

September 12, 2023

Impact

critical

Products

Firefox, Firefox ESR, Thunderbird

Fixed in

Firefox 117.0.1
Firefox ESR 102.15.1
Firefox ESR 115.2.1
Thunderbird 102.15.1
Thunderbird 115.2.2

#CVE-2023-4863: Heap buffer overflow in libwebp

Reporter: Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto’s Munk School
Impact: critical

Description

Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.

References

Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1852649
Bug https://bugs.chromium.org/p/chromium/issues/detail?id=1479274

Critical Update to Firefox Mozilla Foundation Security Advisory 2023-40

Mozilla Foundation Security Advisory 2023-40

Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2

#CVE-2023-4863: Heap buffer overflow in libwebp

Description

References

By Invitation Only Event: CybersecConPH

China’s BlackTech reported to have gained control of Cisco routers

Leave a Reply Cancel reply

Critical Update to Firefox Mozilla Foundation Security Advisory 2023-40

Critical Update to Firefox Mozilla Foundation Security Advisory 2023-40

Mozilla Foundation Security Advisory 2023-40

Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2

#CVE-2023-4863: Heap buffer overflow in libwebp

Description

References

Share :

By Invitation Only Event: CybersecConPH

China’s BlackTech reported to have gained control of Cisco routers

Leave a Reply Cancel reply