Firefox 117.0.1 and Thunderbird 115.2.2 available
The emergency updates protect Firefox and Thunderbird against attacks.
Boris WeberMozilla has fixed a security vulnerability in its web browsers and mail client that attackers are already exploiting. The critical vulnerability targeted by attackers threatens Firefox, Firefox ESR and Thunderbird. Anyone who uses the applications should install the latest versions quickly.
The vulnerability (CVE-2023-4863) is in Google's WebP image format. After triggering a memory error, attackers can use it to infect systems with malicious code. How such an attack could take place remains unclear.
In the according Security Advisory article, Mozilla lists the protected versions as Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.
Anyone using the Firefox web browser should check whether the current version is already running and, if necessary, initiate the update. This can be done by clicking on the application menu, which is located behind the symbol with the three horizontal stripes to the right of the address bar, and then continuing with Help - About Firefox. If necessary, this triggers the update process and prompts users to restart their browser.
About Author
Boris Weber
I am an editor at UpdateStar. I started as a support engineer, and am now specialized in writing about general software topics from a usability and performance angle among others. I telecommute from UpdateStar’s Berlin office, when I am not working remote as a digital nomad for UpdateStar.