Critical Security Vulnerability Fix for Firefox CVE-2023-4863

Forum Moderators: open

Message Too Old, No Replies

Critical Security Vulnerability Fix for Firefox CVE-2023-4863

engine

11:41 am on Sep 13, 2023 (gmt 0)

Mozilla Foundation has released an update to fix a critical security vulnerability in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2
CVE-2023-4863: Heap buffer overflow in libwebp
Users should ensure they update now.

[mozilla.org...]

not2easy

12:54 pm on Sep 13, 2023 (gmt 0)

I just updated to 117.0.1 yesterday... great. I'll switch to Safari I guess.

graeme_p

3:32 pm on Sep 13, 2023 (gmt 0)

It affects any browser that uses libwepb. It my affect Safari too unless Apple uses a different webp library. It probably affects most browsers with webp support. It may also affect other image processing software.

graeme_p

3:36 pm on Sep 13, 2023 (gmt 0)

I got an update for GIMP and checking dependencies it uses webp.

not2easy

8:12 pm on Sep 13, 2023 (gmt 0)

I finally went to read it and I see that 17.0.1 was released as a fix.

Now to check into Safari..

Peter_S

8:27 am on Sep 14, 2023 (gmt 0)

libwebp is used by EVERYBODY. This is the official implementation of the webp image format.

Apple patched it first, followed by Google.

[securityweek.com...]