Firefox v147.0.3 Released with Critical Fix for Heap Buffer Overflow Vulnerability


Mozilla has released an emergency security update for Firefox, addressing a critical heap buffer overflow vulnerability in the libvpx library.

The update, version 147.0.4, was announced on February 16, 2026, alongside corresponding patches for Firefox ESR 140.7.1 and ESR 115.32.1.

The vulnerability, tracked as CVE-2026-2447, was discovered by security researcher jayjayjazz and affects the libvpx video codec library used by Firefox for processing VP8 and VP9 video formats.

A heap buffer overflow occurs when a program writes data beyond the allocated memory buffer, potentially allowing attackers to execute arbitrary code or crash the browser.

This type of vulnerability is particularly dangerous as it can be exploited through malicious websites or video content to compromise user systems.

| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2026-2447 | N/A | High | Heap buffer overflow vulnerability in libvpx library affecting video processing |

Mozilla classified the vulnerability as high-impact, indicating it poses significant security risks to Firefox users.

The flaw could enable remote attackers to execute malicious code on victim machines by tricking users into visiting specially crafted websites or opening malicious video files.

Given the widespread use of Firefox across desktop and mobile platforms, the rapid deployment of this security patch underscores the severity of the threat.

Affected and Patched Versions

| Firefox Edition | Vulnerable Versions | Patched Version |
|---|---|---|
| Firefox | < 147.0.4 | 147.0.4 |
| Firefox ESR | < 140.7.1 | 140.7.1 |
| Firefox ESR | < 115.32.1 | 115.32.1 |

Users are strongly advised to update their Firefox browsers immediately through the browser’s built-in update mechanism or by downloading the latest version from Mozilla’s official website.

The vulnerability affects all major platforms including Windows, macOS, and Linux systems running affected Firefox versions.
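To check installed builds against the patched versions listed above, the following added example (not code from Mozilla or from this article) classifies Firefox version strings per release channel. It assumes the `Mozilla Firefox <version>[esr]` format printed by `firefox --version`; the host names and sample lines are constructed, and ESR branches the table does not list are reported as unknown for manual review.

```python
import re

# Patched versions taken from the "Affected and Patched Versions" table.
FIXED_RELEASE = (147, 0, 4)
FIXED_ESR = {115: (115, 32, 1), 140: (140, 7, 1)}  # keyed by ESR major branch

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, bool(m.group(4))


def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, is_esr = parsed
    if is_esr:
        fixed = FIXED_ESR.get(version[0])
        if fixed is None:
            return "unknown"  # ESR branch with no fix listed on the page
    else:
        fixed = FIXED_RELEASE
    # Tuples compare numerically field by field, so 147.0.10 > 147.0.4.
    return "vulnerable" if version < fixed else "patched"


def audit(inventory):
    """Map each host to the status of its reported Firefox version."""
    return {host: classify(output) for host, output in inventory}


# Constructed sample inventory: (host, output of `firefox --version`).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 147.0.3"),
    ("ws-02", "Mozilla Firefox 147.0.4"),
    ("kiosk-01", "Mozilla Firefox 140.7.0esr"),
    ("legacy-01", "Mozilla Firefox 115.32.1esr"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```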
