Firefox 117.0.1 and Thunderbird 115.2.2 available
The emergency updates protect Firefox and Thunderbird against attacks.
Mozilla has fixed a security vulnerability in its web browsers and mail client that attackers are already exploiting. The critical vulnerability targeted by attackers threatens Firefox, Firefox ESR and Thunderbird. Anyone who uses the applications should install the latest versions quickly.
The vulnerability (CVE-2023-4863) is in Google's WebP image format. After triggering a memory error, attackers can use it to infect systems with malicious code. How such an attack could take place remains unclear.
In the according Security Advisory article, Mozilla lists the protected versions as Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.
Anyone using the Firefox web browser should check whether the current version is already running and, if necessary, initiate the update. This can be done by clicking on the application menu, which is located behind the symbol with the three horizontal stripes to the right of the address bar, and then continuing with Help - About Firefox. If necessary, this triggers the update process and prompts users to restart their browser.