Firefox 118.0.1 and ESR 115.3.1 fix a critical security issue

Martin Brinkmann
Sep 29, 2023
Firefox
|
0

Mozilla has just released a security update for its Firefox web browser that patches a critical security issue in all supported versions of the web browser.

The update is available for Firefox and Firefox ESR for desktop operating system, for Firefox Focus and for Firefox for Android.

The desktop version of Firefox is updated to version 118.0.1 to address the issue. Firefox ESR is updated to 115.3..1, and the two Android-based browsers are updated to version 118.1.0.

The security issue is the same that Google addressed in Chromium and Google Chrome yesterday.

CVE-2023-5217: Heap buffer overflow in libvpx, is a critical security issue in libvpx. Libvpx is a software video codec library developed by Google and the Alliance for Open Media. The free tool is open source and widely used in web browsers.

Mozilla notes on the security advisory website: "Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild."

The issue is actively exploited in the wild, but it is unclear how widespread the attacks are. Mozilla reveals that the attack needs access to a VP8 media stream to be carried out.

firefox 118.0.1

Firefox users should update their browser immediately to protect it from attacks. Desktop users may select Menu > Help > About Firefox to do so.

The popup that opens displays the installed version. Firefox runs an automatic check for updates whenever the popup is opened; it should pick up the new version to download and install it. A restart of the web browser is required to complete the installation. Another check of the "About" popup should display the new version and reassure users that their browser is no longer vulnerable to the attack.

Android users need to wait until the new version is pushed to their devices via Google Play.

Summary
Firefox 118.0.1 and ESR 115.3.1 fix a critical security issue
Article Name
Firefox 118.0.1 and ESR 115.3.1 fix a critical security issue
Description
Mozilla published a security update for Firefox and Firefox ESR that addresses a critical vulnerability that is exploited in the wild.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.