jscher2000 / Save-webP-as-extension

Firefox extension to overlay format and JPEG quality buttons on inline or stand-alone images for quickly saving a converted version of the image.
Mozilla Public License 2.0

2023/09: Are any of your Firefox add-ons affected by the WebP security vulnerability? #25

Closed (ghost closed 11 months ago)

ghost commented 1 year ago

Hello Sir.

It can be read in the trade press that not only browsers, but masses of other software are affected by the WebP security vulnerability.

What about your software? e.g.

Mozilla Source: https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Description

Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. Note: This advisory was previously also tracked as CVE-2023-4863.

References

https://www.cve.org/CVERecord?id=CVE-2023-5129
https://www.cve.org/CVERecord?id=CVE-2023-4863
https://bugzilla.mozilla.org/show_bug.cgi?id=1852649
https://bugs.chromium.org/p/chromium/issues/detail?id=1479274

I am not familiar with the content of GH and have not found another way to ask you in a hurry.

Thank you

jscher2000 commented 1 year ago

Hello, each add-on converts WebP by calling built-in features in Firefox to draw an image from the page onto a canvas, then save the canvas into a different image format. They do not contain any of their own code for image processing.

Edit:

After reading the second CVE link -- none of the add-ons contain a copy of "libwebp" (older or newer).
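
One way to check a packaged add-on for a bundled decoder, as an added example (not code from this add-on or its author): it scans an `.xpi`, which is a ZIP archive, for compiled modules and libwebp symbol names. The marker list and both sample archives are constructed assumptions, and a clean result is only a heuristic, since a stripped or minified build may contain none of these strings.

```python
import io
import zipfile

# Heuristic byte markers (assumption): names that typically survive in builds
# that embed libwebp, e.g. exported symbols in a WebAssembly module.
MARKERS = (b"libwebp", b"WebPDecode", b"WebPGetInfo")
# File types that can carry a compiled decoder and deserve manual review.
NATIVE_SUFFIXES = (".wasm", ".so", ".dll", ".dylib")


def audit_xpi(xpi_bytes):
    """Return {member_name: [reasons]} for members that may bundle a WebP decoder."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:  # an .xpi is a ZIP archive
        for info in xpi.infolist():
            if info.is_dir():
                continue
            reasons = []
            if info.filename.lower().endswith(NATIVE_SUFFIXES):
                reasons.append("compiled module")
            data = xpi.read(info)
            reasons += ["marker " + m.decode() for m in MARKERS if m in data]
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample(files):
    """Build a constructed, in-memory XPI from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample 1: an add-on that only uses the browser's canvas API.
CANVAS_ONLY = build_sample({
    "manifest.json": b'{"manifest_version": 2, "name": "sample"}',
    "content.js": b"ctx.drawImage(img, 0, 0); canvas.toBlob(save, 'image/jpeg', 0.92);",
})
# Constructed sample 2: an add-on that ships its own decoder as WebAssembly.
BUNDLED = build_sample({
    "manifest.json": b'{"manifest_version": 2, "name": "sample"}',
    "vendor/webp_dec.wasm": b"\x00asm\x01\x00\x00\x00...WebPDecodeRGBA...",
})

if __name__ == "__main__":
    for label, xpi in (("canvas-only", CANVAS_ONLY), ("bundled", BUNDLED)):
        print(label, audit_xpi(xpi) or "no bundled decoder indicators")
```

An add-on with no findings still decodes WebP through the browser's own decoder, so its exposure follows the installed Firefox version.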

ghost commented 1 year ago

Thanks for the quick reply. It is good to know now.