=====================================================================

                             CERT-Renater

                  Information Note No. 2023/VULN318

_____________________________________________________________________

DATE                : 13/09/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firefox versions prior to 117.0.1,
                     ESR 102.15.1, ESR 115.2.1,
                     Thunderbird versions prior to 102.15.1, 115.2.2.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2023-40
Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1,
Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2

Announced        September 12, 2023
Impact           critical
Products         Firefox, Firefox ESR, Thunderbird
Fixed in
         Firefox 117.0.1
         Firefox ESR 102.15.1
         Firefox ESR 115.2.1
         Thunderbird 102.15.1
         Thunderbird 115.2.2


CVE-2023-4863: Heap buffer overflow in libwebp

Reporter
                 Apple Security Engineering and Architecture (SEAR)
                 and The Citizen Lab at The University of Toronto's
                 Munk School

Impact          critical


Description

Opening a malicious WebP image could lead to a heap buffer overflow
in the content process. We are aware of this issue being exploited
in other products in the wild.


References

     Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1852649
     Bug https://bugs.chromium.org/p/chromium/issues/detail?id=1479274
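
The "Fixed in" versions above can be applied as a per-branch fleet check. The following is an added example, not part of the Mozilla or CERT-Renater advisory. The host names and version banners are constructed, and treating a branch the advisory does not list as unfixed when it is older than the newest fixed branch is an assumption.

```python
import re

# Fixed versions copied from the advisory, keyed by (product, major branch).
FIXED = {
    ("firefox", 117): (117, 0, 1),
    ("firefox-esr", 102): (102, 15, 1),
    ("firefox-esr", 115): (115, 2, 1),
    ("thunderbird", 102): (102, 15, 1),
    ("thunderbird", 115): (115, 2, 2),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)

def classify(banner):
    """Return (product, (major, minor, patch)) parsed from a version banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no version found in {banner!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    if "thunderbird" in banner.lower():
        return "thunderbird", version
    return ("firefox-esr" if m.group(4) else "firefox"), version

def needs_update(banner):
    """True if the build predates the CVE-2023-4863 fix for its branch."""
    product, version = classify(banner)
    fixed = FIXED.get((product, version[0]))
    if fixed is not None:
        return version < fixed
    # Assumption: an unlisted branch older than the newest fixed branch of the
    # product received no fix; a newer branch is outside this advisory.
    newest = max(f for (p, _), f in FIXED.items() if p == product)
    return version < newest

def audit(inventory):
    """Return the sorted hosts whose banner shows a build needing the update."""
    return sorted(h for h, b in inventory.items() if needs_update(b))

# Constructed sample inventory: host -> version banner (assumed format).
SAMPLE = {
    "ws-01": "Mozilla Firefox 117.0",
    "ws-02": "Mozilla Firefox 117.0.1",
    "ws-03": "Mozilla Firefox 115.2.0esr",
    "ws-04": "Mozilla Firefox 102.15.1esr",
    "ws-05": "Mozilla Thunderbird 115.2.2",
    "ws-06": "Mozilla Thunderbird 102.15.0",
    "ws-07": "Mozilla Firefox 116.0.3",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```
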



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
