Mozilla patches critical WebP security issue in Firefox and Thunderbird

By admin

Mozilla has released security updates for all supported versions of its Firefox web browser as well as for the email client Thunderbird. The updates address a critical security issue in WebP that is exploited in the wild.

The products are affected by the same critical security issue that Google Chrome and Chromium-based browsers are affected by. Google released a security update for Chrome on the same day to patch the vulnerability.

Firefox users are advised to update the browser immediately to the new version. WebP is an image format that is used widely on the Internet.

Mozilla notes that opening a malicious WebP image could "lead to a buffer overflow in the content process", which can result in the execution of malicious code on the user’s system.

The updates are available already. Firefox users may select Menu > Help > About Firefox to display the current version and get the latest update. Thunderbird users may select Menu > Help > About Thunderbird to do the same. The latest versions are the following ones after the installation of the update:

Firefox 117.0.1 Stable
Firefox 115.2.1 ESR
Firefox 102.15.1 ESR
Thunderbird 115.2.2
Thunderbird 102.15.1
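
The version floors listed above can be checked across an inventory with a short script. This is an added example, not code from Mozilla or the article; it assumes version strings shaped like the output of `firefox --version` (for example "Mozilla Firefox 115.2.1esr"), the names `FIXED`, `parse` and `is_patched` are hypothetical, and it assumes branches newer than the ones listed already contain the fix.

```python
import re

# Minimum fixed versions taken from the article, keyed by (product, branch).
# "release" is the Firefox stable channel; numeric keys are ESR/Thunderbird majors.
FIXED = {
    ("firefox", "release"): (117, 0, 1),
    ("firefox", 115): (115, 2, 1),
    ("firefox", 102): (102, 15, 1),
    ("thunderbird", 115): (115, 2, 2),
    ("thunderbird", 102): (102, 15, 1),
}

# Product name, up to three numeric components, optional "esr" / " ESR" suffix.
LINE = re.compile(r"(?i)\b(firefox|thunderbird)\s+(\d+(?:\.\d+){0,2})\s*(esr)?\b")

def parse(line):
    """Return (product, version tuple, is_esr) or None if the line is unrecognised."""
    m = LINE.search(line)
    if not m:
        return None
    parts = [int(p) for p in m.group(2).split(".")]
    parts += [0] * (3 - len(parts))          # "117.0" -> (117, 0, 0)
    return m.group(1).lower(), tuple(parts), bool(m.group(3))

def is_patched(line):
    """True/False for a recognised version string, None when it cannot be parsed."""
    parsed = parse(line)
    if parsed is None:
        return None
    product, version, esr = parsed
    if product == "firefox" and not esr:
        # Anything without an ESR marker is compared against the stable floor.
        return version >= FIXED[("firefox", "release")]
    branches = sorted(k[1] for k in FIXED if k[0] == product and k[1] != "release")
    if version[0] > branches[-1]:
        return True   # assumption: branches newer than those listed ship the fix
    floor = FIXED.get((product, version[0]))
    return floor is not None and version >= floor  # unlisted older branch: unpatched

if __name__ == "__main__":
    # Constructed inventory lines, not real host data.
    for line in ("Mozilla Firefox 117.0", "Mozilla Firefox 115.2.1esr",
                 "Mozilla Thunderbird 102.15.0", "Google Chrome 116"):
        print(f"{line!r}: patched={is_patched(line)}")
```

A result of `None` means the line was not recognised as Firefox or Thunderbird and should be reviewed by hand rather than counted as patched.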

Firefox 117.0.1 is not only a security update, as it addresses a number of issues in the open source web browser as well.

Two bugs that affect the opening of links are addressed in the release. The first caused the "reopen all tabs" option of the recently closed tabs menu to fail to open all the tabs sometimes. The second saw links activated outside Firefox on macOS not being opened in Firefox sometimes.

Another fix addresses an issue that affected extensions. Sometimes, extensions would be terminated while still running. This could happen when the extensions used "an event page for long-running tasks".

Mozilla reverted one change temporarily. The change prevents JavaScript from changing the URL protocol. Mozilla plans to roll it out at a later point.

The other fixes address a bookmarks menu visibility issue, a time zone detection issue on some sites, and an issue with audio worklets not working on sites that use WebAssembly exception handling.

You can check out the full Firefox 117.0.1 release notes and the security advisory here.

Expect all other browsers that support the image format to be affected by the WebP security issue as well. Most have released or will release security updates to address the issue.

Now You: how often do you see WebP images on the web?

Author: Martin Brinkmann

Publisher: Ghacks Technology News