Mozilla Foundation Security Advisory 2023-40

Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2

Announced: September 12, 2023
Impact: critical
Products: Firefox, Firefox ESR, Thunderbird
Fixed in:
  • Firefox 117.0.1
  • Firefox ESR 102.15.1
  • Firefox ESR 115.2.1
  • Thunderbird 102.15.1
  • Thunderbird 115.2.2

CVE-2023-4863: Heap buffer overflow in libwebp

Reporter: Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto's Munk School
Impact: critical
Description:

Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.
Note: This advisory was previously also tracked as CVE-2023-5129.
