Critical Update to Firefox Mozilla Foundation Security Advisory 2023-40
Mozilla Foundation Security Advisory 2023-40
Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2
- Announced
- September 12, 2023
- Impact
- critical
- Products
- Firefox, Firefox ESR, Thunderbird
- Fixed in
-
- Firefox 117.0.1
- Firefox ESR 102.15.1
- Firefox ESR 115.2.1
- Thunderbird 102.15.1
- Thunderbird 115.2.2
#CVE-2023-4863: Heap buffer overflow in libwebp
- Reporter
- Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto’s Munk School
- Impact
- critical
Description
Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.