Firefox

17794 readers

28 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago

MODERATORS

[email protected]

208

Firefox 117.0.1 released (www.mozilla.org)

submitted 1 year ago by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

top 8 comments

sorted by: hot top controversial new old

[–] [email protected] 37 points 1 year ago (3 children)

I guess this ships the fix for the webp zero-day? That was pretty quick of them, massive props 👌

[–] [email protected] 7 points 1 year ago

It was that, the link about the security fix is working now.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Based what was said in the security fix link. I see nothing about a fix.

[–] [email protected] 4 points 1 year ago

If you're looking for the details of how it was fixed, you'd need to look elsewhere such as: https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Anyone who knows things got a laymen explanation for this zeroday?

[–] [email protected] 3 points 1 year ago

In my understanding: What happens is a Heap Buffer Overflow. The Heap is a style of memory and a Buffer is just a chunk of storage where you place something that is a work in progress. (Think a Youtube video buffering, you are waiting for more data to come down so you can play the video)

The WebP image type has the unintended ability to write to more memory than the OS assigns it. It can 'overflow'.

If you craft a WebP image file just right, you can write malicious code to a location in memory that the OS may think is executable code and then run it, all without the user knowing.

[–] [email protected] 6 points 1 year ago

What really surprised me is how fast Fennec F-Droid was updated.

[–] [email protected] 1 points 1 year ago

Debian had the update this a.m.