Lemmy.one
  • Communities
  • Create Post
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
Hal-5700X@lemmy.world to Firefox@lemmy.ml · 2 years ago

Firefox 117.0.1 released

www.mozilla.org

external-link
message-square
8
fedilink
  • cross-posted to:
  • firefox@fedia.io
  • firefox@lemmy.world
211
external-link

Firefox 117.0.1 released

www.mozilla.org

Hal-5700X@lemmy.world to Firefox@lemmy.ml · 2 years ago
message-square
8
fedilink
  • cross-posted to:
  • firefox@fedia.io
  • firefox@lemmy.world
Firefox 117.0.1, See All New Features, Updates and Fixes
www.mozilla.org
external-link
alert-triangle
You must log in or # to comment.
  • 𝒍𝒆𝒎𝒂𝒏𝒏
    link
    fedilink
    arrow-up
    39
    ·
    2 years ago

    I guess this ships the fix for the webp zero-day? That was pretty quick of them, massive props 👌

    • kubica@kbin.social
      link
      fedilink
      arrow-up
      7
      ·
      2 years ago

      It was that, the link about the security fix is working now.

    • Hal-5700X@lemmy.worldOP
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      2 years ago

      Based what was said in the security fix link. I see nothing about a fix.

      • jsdz@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        2 years ago

        If you’re looking for the details of how it was fixed, you’d need to look elsewhere such as: https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

    • lustrum@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      2 years ago

      Anyone who knows things got a laymen explanation for this zeroday?

      • Scratch@sh.itjust.works
        cake
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 years ago

        In my understanding: What happens is a Heap Buffer Overflow. The Heap is a style of memory and a Buffer is just a chunk of storage where you place something that is a work in progress. (Think a Youtube video buffering, you are waiting for more data to come down so you can play the video)

        The WebP image type has the unintended ability to write to more memory than the OS assigns it. It can ‘overflow’.

        If you craft a WebP image file just right, you can write malicious code to a location in memory that the OS may think is executable code and then run it, all without the user knowing.

  • shortwavesurfer@monero.town
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 years ago

    What really surprised me is how fast Fennec F-Droid was updated.

  • craigevil@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    Debian had the update this a.m.

Firefox@lemmy.ml

firefox@lemmy.ml

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !firefox@lemmy.ml

A place to discuss the news and latest developments on the open-source browser Firefox

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 56 users / day
  • 263 users / week
  • 630 users / month
  • 4.87K users / 6 months
  • 229 local subscribers
  • 20.2K subscribers
  • 1.12K Posts
  • 19.5K Comments
  • Modlog
  • mods:
  • k_o_t@lemmy.ml
  • BE: 0.19.7
  • Modlog
  • Legal
  • Instances
  • Docs
  • Code
  • join-lemmy.org