Mozilla has released an out-of-band security update to address a critical vulnerability affecting its browser. The update, issued as Firefox v147.0.4, resolves a high-impact Heap buffer overflow flaw in the libvpx video codec library. The issue is tracked under CVE-2026-2447 and was identified by security researcher jayjayjazz. 

Although some users initially referenced Firefox v147 in discussions of the flaw, the patched build is officially version 147.0.4. Alongside this release, Mozilla also pushed updates for its Extended Support Release (ESR) channels: Firefox ESR 140.7.1 and Firefox ESR 115.32.1. The coordinated rollout reflects the seriousness of the vulnerability and its potential ...