Skip to main content
Skip table of contents

ISN 2023-20: Firefox Libwebp Vulnerability

Updated 27 September 2023 (fix version, add CVE-2023-5129)

First published 14 September 2023

CVSS 3.1: 10.0 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

A critical vulnerability has been found in the Firefox web browser. This affects the following IGEL products:

  • IGEL OS 11

Details

A zero-day critical heap buffer overflow vulnerability has been found in the WebP library used by Firefox. This vulnerability can be tracked with CVE-2023-4863 and CVE-2023-5129. Apple’s Security Engineering and Architecture (SEAR) and The Citizen Lab are not publishing the details of this vulnerability as it has been seen exploited in-the-wild and they are giving time for people to update their browsers.

Update Instructions

  • OS 11: Update to IGEL OS 11.09.100 (planned for 5 October 2023) with an updated Firefox.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.