![]() Mozilla on Thursday released Firefox updates to fix CVE-2023-5217, noting that "specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process." The issue has been resolved in versions Firefox 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1, and Firefox for Android 118.1. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available. Users are recommended to upgrade to Chrome version 1.132 for Windows, macOS, and Linux to mitigate potential threats. The development comes as Google assigned a new CVE identifier, CVE-2023-5129, to the critical flaw in the libwebp image library – originally tracked as CVE-2023-4863 – that has come under active exploitation in the wild, considering its broad attack surface. It's also suspected that the Israeli spyware maker Cytrox may have exploited a recently patched Chrome vulnerability (CVE-2023-4762, CVSS score: 8.8) as a zero-day to deliver Predator, although very little information is currently available about the in-the-wild attacks. CVE-2023-4863 (CVSS score: 8.8) - Heap buffer overflow in WebP. ![]() ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |