Critical Zero-day Vulnerability in Mozilla Firefox & Thunderbird

Published on 13 Sep 2023

The Mozilla Foundation has released security updates addressing a critical zero-day vulnerability (CVE-2023-4863) in the WebP code library (libwebp). The vulnerability is reportedly being actively exploited.

Successful exploitation of the heap buffer overflow vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via a crafted HTML page.

The vulnerability affects the following products:
  • Firefox 117.0.1
  • Firefox Extended Support Release (ESR) 115.2.1 and 102.15.1
  • Thunderbird 102.15.1 and 115.2.2

Users of Mozilla Firefox and Thunderbird are advised to update to the latest versions immediately.

More information is available here: