September 29, 2023

Mozilla has released crucial security updates to address a critical Firefox zero day vulnerability that also detected the flaw in the Thunderbird application.

The zero-day was dubbed CVE-2023-4863 and has been actively exploited in the wild. Interestingly enough, the CVE system website mentions Chrome as the assigner of CVE-2023-4863. Google too released a patch for the same CVE-2023-4863 issue affecting its Chrome browser.

The zero day vulnerability is a heap buffer overflow flaw within the WebP image format. Threat actors can exploit it to execute arbitrary code when processing a specially crafted image.

Advertisements

Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.

The vulnerability affected Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird. Mozilla released patches for all the impacted products.

According to the National Vulnerability Database, the flaw can enable remote code execution. Thus, an attacker could run an out-of-bounds memory write through a crafted HTML page.

Tags:

Leave a Reply

You may have missed

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023

WordPress Simple Membership Plugin Vulnerabilities

September 28, 2023

Jetbrains TeamCity RCE Vulnerability

September 27, 2023

Heap Buffer Overflow Bug in libwebp Library -CVE-2023-5129

September 27, 2023 2

Symantec Collaborates with Google Cloud Security AI

September 27, 2023 2
%d bloggers like this: