“Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.
“Tracked as CVE-2023-4863, the security flaw is caused by a heap buffer overflow in the WebP code library (libwebp), whose impact spans from crashes to arbitrary code execution.
“Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild,” Mozilla said in an advisory published on Tuesday.
Mozilla addressed the exploited zero-day in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.”
==================================
I noticed that their repeated calls that “102 will be the last version to be supported,” means that 102 will still get security updates, at least for a month. (Anyone with further clarity on this welcome.) This is good, as many (myself included) got a look at 115, knew horror, and stuck with 102. Too new, too many glitches and griping/howling from users heard.
Also, T-bird keeps ping-ponging between offering updates to 102 and the new 115…weird. Is there smoke coming from the engine room at Mozilla?
==============================
Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom