Firefox 118.0.1 and ESR 115.3.1 fix a critical security issue

Created on November 12, 2023 at 10:36 am

Mozilla ORG has just released a security update for its Firefox ORG web browser that patches a critical security issue in all supported versions of the web browser.


The update is available for Firefox ORG and Firefox ORG ESR for desktop operating system, for Firefox Focus ORG and for Firefox for Android ORG .

The desktop version of Firefox ORG is updated to version 118.0.1 DATE to address the issue. Firefox ESR is updated to 115.3 CARDINAL .. 1 CARDINAL , and the two CARDINAL

Android ORG -based browsers are updated to version 118.1.0 CARDINAL .

The security issue is the same that Google ORG addressed in Chromium ORG and Google Chrome ORG

yesterday DATE .

CVE-2023-5217: Heap buffer overflow in libvpx GPE , is a critical security issue in libvpx GPE . Libvpx PERSON is a software video codec library developed by Google ORG and the Alliance for Open Media ORG . The free tool is open source and widely used in web browsers.

Mozilla ORG notes on the security advisory website: "Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild."

The issue is actively exploited in the wild, but it is unclear how widespread the attacks are. Mozilla ORG reveals that the attack needs access to a VP8 media stream to be carried out.

Firefox users should update their browser immediately to protect it from attacks. Desktop users may select Menu > Help > ORG About Firefox to do so.

The popup that opens displays the installed version. Firefox runs an automatic check for updates whenever the popup is opened; it should pick up the new version to download and install it. A restart of the web browser is required to complete the installation. Another check of the "About" popup should display the new version and reassure users that their browser is no longer vulnerable to the attack.

Android ORG users need to wait until the new version is pushed to their devices via Google Play PRODUCT .

Summary Article Name Firefox 118.0.1 DATE and ESR 115.3.1 fix a critical security issue Description Mozilla ORG published a security update for Firefox ORG and Firefox ORG ESR that addresses a critical vulnerability that is exploited in the wild. Author Martin Brinkmann PERSON Publisher Ghacks Technology News Logo


Connecting to Connected... Page load complete