The fix, part of the Mozilla Foundation Security Advisory 2026-10, improves overall browser security across both desktop and Extended Support Release (ESR) versions.
The vulnerability, tracked as CVE-2026-2447, was discovered in libvpx, a video codec library used by Firefox for handling VP8 and VP9 media streams.
Reported by security researcher Jayjayjazz, the flaw could be triggered when a user visits a malicious website containing specially crafted video content.
If successfully exploited, the vulnerability could lead to memory corruption and potential remote code execution, giving attackers control over the user’s system.
The advisory considers the impact to be high, as this type of memory overflow vulnerability enables attackers to manipulate memory boundaries and inject malicious data into affected processes.
Mozilla’s engineers have resolved the issue by strengthening memory checks and enforcing secure handling of video frame buffers within libvpx.
The patch is included in Firefox 147.0.4, Firefox ESR 140.7.1, and Firefox ESR 115.32.1, released on February 16, 2026.
Users of earlier versions are strongly encouraged to update immediately to safeguard their browsers from potential exploitation.
The vulnerability fix highlights Mozilla’s ongoing commitment to user safety through rapid vulnerability response and transparent disclosure.
Mozilla also referenced Bug 2014390 in its security advisory, which provides additional technical details and a proof of concept demonstrating the issue’s reproducibility and the patch’s validation.
Routine browser updates remain critical for minimizing exposure to zero-day and memory-corruption vulnerabilities, particularly for applications that process complex data formats such as multimedia content.
Users and system administrators should ensure automatic updates are enabled to receive future security patches promptly.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Firefox v147.0.3 Released With Fix for Heap Buffer Overflow Vulnerability appeared first on Cyber Security News.
Anyone who's been paying attention to PC hardware over the last few months probably isn't…
If you enjoy listening to music while you run, then this headphone deal is right…
Anyone who's been paying attention to PC hardware over the last few months probably isn't…
If you enjoy listening to music while you run, then this headphone deal is right…
The LEGO Pokémon Venusaur, Charizard, and Blastoise, which is available exclusively at the LEGO Store,…
AMC Theatres is once again testing the waters to see if moviegoers are willing to…
This website uses cookies.