CVE-2023-4863: Heap buffer overflow in libwebp

Bug #2035300 reported by Paul Jaros
This bug affects 1 person
Affects: firefox (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

Mozilla released a new version under https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ fixing a critical bug.

$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04

$ apt-cache policy firefox
firefox:
  Installiert: 1:1snap1-0ubuntu2
  Installationskandidat: 1:1snap1-0ubuntu2
  Versionstabelle:
 *** 1:1snap1-0ubuntu2 500
        500 http://mirror.init7.net/ubuntu jammy/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status

As of now the latest version doesn't include this critical fix.

CVE References

Paul Jaros (madmike77)
information type: Private Security → Public
Paul Jaros (madmike77)
description: updated
Nishit Majithia (0xnishit) wrote :

Hi @madmike77, thank you for reporting the issue. The team is working on it and will publish the new Firefox release with the fixes ASAP.

Nishit Majithia (0xnishit) wrote :

Firefox has been released for focal (USN-6367-1) and other releases (as snap).
I am now marking this issue as closed.
Thanks

Changed in firefox (Ubuntu):
status: New → Fix Released
Paul Jaros (madmike77) wrote :

Thank you for fixing this ♥
