Firefox 118.0.1 and ESR 115.3.1 fix a critical security issue

By admin

Mozilla has just released a security update for its Firefox web browser that patches a critical security issue in all supported versions of the web browser.

The update is available for Firefox and Firefox ESR for desktop operating systems, for Firefox Focus and for Firefox for Android.

The desktop version of Firefox is updated to version 118.0.1 to address the issue. Firefox ESR is updated to 115.3.1, and the two Android-based browsers are updated to version 118.1.0.

The security issue is the same one that Google addressed in Chromium and Google Chrome yesterday.

CVE-2023-5217, "Heap buffer overflow in libvpx", is a critical security issue in libvpx.

Libvpx is a software video codec library developed by Google and the Alliance for Open Media. The free tool is open source and widely used in web browsers.


Mozilla notes on the security advisory website: "Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild."

The issue is actively exploited in the wild, but it is unclear how widespread the attacks are.

Mozilla reveals that the attack needs access to a VP8 media stream to be carried out.

Firefox users should update their browser immediately to protect it from attacks. Desktop users may select Menu > Help > About Firefox to do so.

The popup that opens displays the installed version. Firefox runs an automatic check for updates whenever the popup is opened; it should pick up the new version to download and install it. A restart of the web browser is required to complete the installation. Another check of the "About" popup should display the new version and reassure users that their browser is no longer vulnerable to the attack.


Android users need to wait until the new version is pushed to their devices via Google Play.
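Where opening the About dialog on every machine is not practical, the fixed versions named in this article can be checked against a software inventory. The following is an added example, not code from Mozilla or from the article's author; the inventory format, host names and function names are assumptions, and the sample data is constructed.

```python
import re

# Fixed versions as stated in the article; anything older on the same channel is flagged.
FIXED = {
    "release": (118, 0, 1),   # Firefox desktop
    "esr": (115, 3, 1),       # Firefox ESR
    "android": (118, 1, 0),   # Firefox for Android and Firefox Focus
}

# Final-release versions only; pre-release strings such as "119.0b4" do not match.
VERSION_RE = re.compile(r"(?<![\w.])(\d+)\.(\d+)(?:\.(\d+))?(esr)?(?![\w.])", re.I)


def assess(version_text, channel="release"):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    m = VERSION_RE.search(version_text)
    if m is None or channel not in FIXED:
        return "unknown"
    if m.group(4):                      # an "esr" suffix overrides the declared channel
        channel = "esr"
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    # Assumption: later versions on a channel carry the fix forward.
    return "patched" if version >= FIXED[channel] else "vulnerable"


def audit(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    findings = {}
    for line in inventory.strip().splitlines():
        host, channel, reported = (field.strip() for field in line.split(",", 2))
        status = assess(reported, channel)
        if status != "patched":
            findings[host] = status
    return findings


# Constructed sample inventory: host, channel, version string as reported by the endpoint.
SAMPLE = """
ws-01,release,Mozilla Firefox 118.0.1
ws-02,release,Mozilla Firefox 118.0
ws-03,release,Mozilla Firefox 115.3.1esr
ws-04,esr,Mozilla Firefox 115.3.0esr
ph-01,android,118.0.1
ph-02,android,118.1.0
ws-05,release,Mozilla Firefox 119.0b4
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" carry a version string the check cannot parse as a final release and need a manual look.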

Author: Martin Brinkmann

Publisher: Ghacks Technology News