Hal-5700X@lemmy.world to Firefox@lemmy.ml · 1 year agoFirefox 118.1 releasedwww.mozilla.orgexternal-linkmessage-square3fedilinkarrow-up1117arrow-down11file-text
arrow-up1116arrow-down1external-linkFirefox 118.1 releasedwww.mozilla.orgHal-5700X@lemmy.world to Firefox@lemmy.ml · 1 year agomessage-square3fedilinkfile-text
minus-squareTwinHaelix@reddthat.comlinkfedilinkarrow-up15·1 year agoFix is to address a critical CVE: Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.
minus-squarepivot_root@lemmy.worldlinkfedilinkarrow-up2·1 year agoAny idea if it’s the same root cause as CVE-2023-4863 (libwebp heap buffer overflow)? WEBP is a derivative of VP8, after all.
minus-squareAudacity9961@feddit.chlinkfedilinkarrow-up4·1 year agoIt is apparently a new one in libvpx
Fix is to address a critical CVE:
Any idea if it’s the same root cause as CVE-2023-4863 (libwebp heap buffer overflow)? WEBP is a derivative of VP8, after all.
It is apparently a new one in libvpx