Mozilla Foundation Security Advisory 2023-44
Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, and Firefox Focus for Android 118.1.0.
- Announced
- September 28, 2023
- Impact
- critical
- Products
- Firefox, Firefox ESR, Firefox Focus for Android, Firefox for Android
- Fixed in
-
- Firefox 118.0.1
- Firefox ESR 115.3.1
- Firefox Focus for Android 118.1
- Firefox for Android 118.1
- Reporter
- Clément Lecigne of Google's Threat Analysis Group
- Impact
- critical
Description
Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.
References