Mozilla Patched WebP Critical Zero-Day Exploit in Firefox and Thunderbird: CVE-2023-4863 (heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution)

thehackernews.com
Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

Summary
- Mozilla has released security updates for Firefox and Thunderbird to fix a critical zero-day vulnerability that has been actively exploited in the wild.
- The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow in libwebp, the WebP image-decoding library bundled with Firefox and Thunderbird. Decoding a crafted image can corrupt heap memory and allow an attacker to execute arbitrary code on the victim's computer.
- Exploitation is believed to have targeted individuals at elevated risk, such as activists, dissidents, and journalists.
- Mozilla has released Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 to fix the vulnerability.
- Google has also shipped a fix for the same libwebp bug in Chrome.
Additional Details
- WebP is an image format developed by Google that supports both lossy and lossless compression and typically produces smaller files than JPEG or PNG.
- The heap buffer overflow is triggered when Firefox or Thunderbird decodes a specially crafted WebP image with the bundled libwebp library.
- Because browsers and mail clients decode images automatically, an attacker only needs the victim to view a web page or HTML message that renders the malicious image; no download or click on the file is required.
- The flaw was reported to Google and Mozilla by Apple's Security Engineering and Architecture (SEAR) team and The Citizen Lab, and both vendors worked on the fix in parallel.
- The security updates cover all supported release branches of Firefox and Thunderbird (see the version list above).
- Users are advised to update immediately. Note that libwebp is also embedded in many other applications (Electron-based apps, image-processing libraries, other browsers), which need their own vendor updates.
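The bullets above describe the bug as triggered during WebP decoding. The affected code is the Huffman-table construction in libwebp's lossless (VP8L) decoder, so a useful triage step for defenders is to know which WebP files would reach that decoder at all. The following is an added example, not code from the article, Mozilla, or libwebp: a small WebP container walker that parses the RIFF header and chunk list, bounds-checks every length field before trusting it, descends into ANMF animation frames, and reports whether any payload is VP8L. The sample files (SAMPLE_LOSSLESS, SAMPLE_LOSSY, SAMPLE_ANIMATED) are constructed inline and contain only headers plus placeholder data; the function and constant names are this example's own.

```python
"""Walk a WebP (RIFF) container and report which codec each image payload uses.

Added example for triage of CVE-2023-4863: files whose image data is VP8L
(lossless) are the ones that reach the affected Huffman-table code in libwebp.
Every size field read from the file is checked against its enclosing bound
before use, which is exactly the discipline the original bug lacked.
"""
import struct

VP8L_SIGNATURE = 0x2F   # first byte of every VP8L bitstream


class WebPError(ValueError):
    """Raised for malformed or truncated containers."""


def _chunks(buf, start, end):
    """Yield (fourcc, payload) for each RIFF chunk in buf[start:end]."""
    pos = start
    while pos < end:
        if end - pos < 8:
            raise WebPError(f"truncated chunk header at offset {pos}")
        fourcc = buf[pos:pos + 4]
        (size,) = struct.unpack_from("<I", buf, pos + 4)
        payload_start = pos + 8
        if size > end - payload_start:
            raise WebPError(f"chunk {fourcc!r} claims {size} bytes, "
                            f"only {end - payload_start} remain")
        yield fourcc, buf[payload_start:payload_start + size]
        pos = payload_start + size + (size & 1)   # chunks are padded to even length


def parse_vp8l_header(payload):
    """Decode the 5-byte VP8L header: signature, 14-bit width-1, 14-bit height-1,
    1-bit alpha flag, 3-bit version (must be 0)."""
    if len(payload) < 5 or payload[0] != VP8L_SIGNATURE:
        raise WebPError("bad VP8L signature")
    (bits,) = struct.unpack_from("<I", payload, 1)
    if bits >> 29 != 0:
        raise WebPError(f"unsupported VP8L version {bits >> 29}")
    return {"width": (bits & 0x3FFF) + 1,
            "height": ((bits >> 14) & 0x3FFF) + 1,
            "alpha": bool((bits >> 28) & 1)}


def _walk(buf, start, end, found):
    for fourcc, payload in _chunks(buf, start, end):
        if fourcc == b"VP8L":
            found.append(("VP8L", parse_vp8l_header(payload)))
        elif fourcc == b"VP8 ":
            found.append(("VP8", {"bytes": len(payload)}))
        elif fourcc == b"ANMF":
            # 16-byte frame header, then the frame's own ALPH/VP8/VP8L chunks
            if len(payload) < 16:
                raise WebPError("truncated ANMF header")
            _walk(payload, 16, len(payload), found)
        # VP8X, ANIM, ALPH, ICCP, EXIF, XMP carry no coded image data: skipped


def inspect_webp(buf):
    """Return [(codec, info), ...] for every image payload, including animation frames."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"WEBP":
        raise WebPError("not a WebP file")
    (riff_size,) = struct.unpack_from("<I", buf, 4)
    end = 8 + riff_size
    if end > len(buf):
        raise WebPError(f"RIFF size {riff_size} exceeds file length {len(buf)}")
    found = []
    _walk(buf, 12, end, found)
    return found


def uses_lossless_decoder(buf):
    """True if any payload would be handed to the VP8L (lossless) decoder."""
    return any(codec == "VP8L" for codec, _ in inspect_webp(buf))


# --- constructed sample files (headers plus placeholder data, not real images) ---
def build_webp(chunks):
    body = b"WEBP"
    for fourcc, payload in chunks:
        body += fourcc + struct.pack("<I", len(payload)) + payload
        if len(payload) & 1:
            body += b"\x00"
    return b"RIFF" + struct.pack("<I", len(body)) + body


def vp8l_payload(width, height, alpha=False):
    bits = (width - 1) | ((height - 1) << 14) | (int(alpha) << 28)
    return bytes([VP8L_SIGNATURE]) + struct.pack("<I", bits) + b"\x00"  # trailing byte stands in for coded data


SAMPLE_LOSSLESS = build_webp([(b"VP8L", vp8l_payload(3, 2, alpha=True))])
SAMPLE_LOSSY = build_webp([(b"VP8 ", b"\x00" * 10)])
SAMPLE_ANIMATED = build_webp([
    (b"VP8X", b"\x02" + b"\x00" * 3 + b"\x02\x00\x00" + b"\x01\x00\x00"),  # animation flag, 3x2 canvas
    (b"ANIM", b"\x00" * 6),
    (b"ANMF", b"\x00" * 6 + b"\x02\x00\x00" + b"\x01\x00\x00" + b"\x00" * 4
     + b"VP8L" + struct.pack("<I", 6) + vp8l_payload(3, 2)),
])

if __name__ == "__main__":
    for name, sample in [("lossless", SAMPLE_LOSSLESS), ("lossy", SAMPLE_LOSSY), ("animated", SAMPLE_ANIMATED)]:
        print(name, inspect_webp(sample), "-> VP8L path:", uses_lossless_decoder(sample))
```

A file that fails the bounds checks (a chunk size larger than the remaining data, or a RIFF size larger than the file) is rejected with WebPError rather than read past its end; such files are worth a second look in their own right. A VP8L hit does not mean a file is malicious, only that it exercises the decoder path that was patched.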