Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

does the CVE-2023-4863 apply to the android app? and if it does, was it fixed?

  • 9 uphendule
  • 0 zinale nkinga
  • 63 views
  • Igcine ukuphendulwa ngu faj

more options

does the CVE-2023-4863 (Heap buffer overflow in libwebp) apply to the android app? and if it does, was it fixed?

does the CVE-2023-4863 (Heap buffer overflow in libwebp) apply to the android app? and if it does, was it fixed?

Isisombululo esikhethiwe

Hi

I have had confirmation back from Mozilla staff.

This was an issue in Firefox for Android, but it was fixed on 12th September. The advisory for this can be seen at https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Funda le mpendulo ngokuhambisana nalesi sihloko 👍 0

All Replies (9)

more options

Hi

Let me check that with Mozilla staff and I will get back to you.

more options

Okay thank you, im on version 117.1.0 btw

more options

Also i find if weird, is the newest version actually 117.1.0? Cause in android relase notes i see that 117.0 is the newest and in general relase notes it says 117.0.1 is the newest

more options

It doesn't contain libwebp, so it should be safe.

more options

I see, do you know if this applies to all android browsers or just firefox?

more options

faj said

I see, do you know if this applies to all android browsers or just firefox?

I don't know.

more options

I see, thanks for the anwser and i can sleep peacefully

more options

Isisombululo Esikhethiwe

Hi

I have had confirmation back from Mozilla staff.

This was an issue in Firefox for Android, but it was fixed on 12th September. The advisory for this can be seen at https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

more options

Paul said

but it was fixed on 12th September.

You the link you sent says it got fixed in 117.0.1, but play store says 12 september there was 117.1.0, is it correct or did something with the updated break for me?