Firefox 118.0.1 and ESR 115.3.1 fix a critical security issue
The update is available for Firefoxand Firefox ESR for desktop operating system, for Firefox Focus and for Firefox for Android .
The desktop version of Firefoxis updated to version 118.0.1 to address the issue. Firefox ESR is updated to 115.3 .. 1 , and the two
Android-based browsers are updated to version 118.1.0 .
The security issue is the same that Googleaddressed in Chromium and Google Chrome
CVE-2023-5217: Heap buffer overflow in libvpx, is a critical security issue in libvpx . Libvpx is a software video codec library developed by Google and the Alliance for Open Media . The free tool is open source and widely used in web browsers.
Mozillanotes on the security advisory website: "Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild."
The issue is actively exploited in the wild, but it is unclear how widespread the attacks are. Mozillareveals that the attack needs access to a VP8 media stream to be carried out.
Firefox users should update their browser immediately to protect it from attacks. Desktop users may select Menu > Help >About Firefox to do so.
The popup that opens displays the installed version. Firefox runs an automatic check for updates whenever the popup is opened; it should pick up the new version to download and install it. A restart of the web browser is required to complete the installation. Another check of the "About" popup should display the new version and reassure users that their browser is no longer vulnerable to the attack.
Androidusers need to wait until the new version is pushed to their devices via Google Play .
Summary Article Name Firefox 118.0.1and ESR 115.3.1 fix a critical security issue Description Mozilla published a security update for Firefox and Firefox ESR that addresses a critical vulnerability that is exploited in the wild. Author Martin Brinkmann Publisher Ghacks Technology News Logo