Mozilla has released Firefox version 147.0.3, fixing a serious memory-related vulnerability that could let hackers run arbitrary code by taking advantage of a heap buffer overflow problem in the media processing library of the browser This article explores buffers libvpx mozilla. . The patch, which is included in the Mozilla Foundation Security Advisory 2026-10, makes desktop and Extended Support Release (ESR) versions of the browser more secure overall.

The flaw, identified as CVE-2026-2447, was found in libvpx, a video codec library that Firefox uses to process VP8 and VP9 media streams. Included is a fix for heap buffer overflow, which security researcher Jayjayjazz reported could occur when a user visits a malicious website that contains specially crafted video content.

Attackers could gain control of the user's system if the vulnerability is successfully exploited, as it may result in memory corruption and possible remote code execution. Because this kind of memory overflow vulnerability allows attackers to manipulate memory boundaries and inject malicious data into affected processes, the advisory believes the impact is high. By tightening memory checks and requiring safe handling of video frame buffers within libvpx, Mozilla's engineers have fixed the problem.

Released on February 16, 2026, Firefox 147.0.4, Firefox ESR 140.7.1, and Firefox ESR 115.32.1 all contain the patch. It is highly recommended that users of older versions update right away in order to protect their browsers from possible abuse. The vulnerability fix demonstrates Mozilla's continued dedication to user safety through prompt vulnerability response and open disclosure.

In its security advisory, which offers more technical information and a proof of concept proving the reproducibility of the problem and the validity of the patch, Mozilla also made reference to Bug 2014390. Regular browser updates are still essential for reducing vulnerability to memory corruption and zero-day attacks, especially for programs that handle complicated data formats like multimedia. In order to get future security patches quickly, users and system administrators should make sure automatic updates are enabled.

X, LinkedIn, and LinkedIn for daily ZeroOwl. To have your stories featured, get in touch with us.