This flaw, tracked as CVE-2026-2447, impacts video processing for VP8 and VP9 formats, which Firefox uses widely across desktop and mobile platforms.
Security researcher Jayjayjazz discovered the issue, prompting quick patches in Firefox 147.0.4, Firefox ESR 140.7.1, and Firefox ESR 115.32.1.
A heap buffer overflow happens when software writes data past the end of its allocated memory buffer in the heap—the dynamic memory area programs use at runtime.
Attackers can exploit this by sending oversized or malformed video data, overwriting adjacent memory.
This leads to arbitrary code execution, browser crashes, or full system compromise without user interaction beyond visiting a malicious site or playing rigged video content.
Remote hackers could leverage it via crafted web pages, embedding exploit payloads in seemingly innocent media streams.
Mozilla rates CVE-2026-2447 as high-impact in its MFSA 2026-10 advisory, highlighting risks to millions of users on Windows, macOS, and Linux.
No widespread exploits appear in the wild yet, but the vulnerability’s ease of remote triggering makes it a prime target for drive-by attacks.

| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2026-2447 | N/A | High | Heap buffer overflow in libvpx library affecting video processing |

| Firefox Edition | Vulnerable Versions | Patched Version |
|---|---|---|
| Firefox | < 147.0.4 | 147.0.4 |
| Firefox ESR | < 140.7.1 | 140.7.1 |
| Firefox ESR | < 115.32.1 | 115.32.1 |

Users should update immediately via Firefox’s Help > About Firefox menu, which checks and applies patches automatically.
Alternatively, download fresh installers from Mozilla’s site. Enterprises managing ESR branches must prioritize deployment to avoid exposure.
This release underscores libvpx’s role in multimedia-heavy browsing and the need for vigilant patching.
Similar overflows have fueled past campaigns, like those targeting media players. Stay ahead by enabling auto-updates and monitoring CISA alerts.
The post Mozilla Firefox v147.0.3 Released With Fix for Critical Heap Buffer Overflow Vulnerability appeared first on Cyber Security News.