- cross-posted to:
- [email protected]
- firefox
You must log in or register to comment.
Fix is to address a critical CVE:
Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.
Any idea if it’s the same root cause as CVE-2023-4863 (libwebp heap buffer overflow)? WEBP is a derivative of VP8, after all.
It is apparently a new one in libvpx