Critical Zero-day Vulnerability in Mozilla Firefox & Thunderbird
Published on 13 Sep 2023 | Updated on 13 Sep 2023
Mozilla Foundation has released security updates addressing a critical zero-day vulnerability (CVE-2023-4863) in the WebP code library (libwebp). The vulnerability is reportedly being actively exploited.
Successful exploitation of the heap buffer overflow vulnerability could allow a remote attacker to perform denial-of-service (DoS) or arbitrary code execution via a crafted HTML page.
The vulnerability affects the following products:
Firefox 117.0.1
Firefox Extended Support Release (ESR) 115.2.1 and 102.15.1
Thunderbird 102.15.1 and 115.2.2
Users of Mozilla Firefox and Thunderbird are advised to update to the latest versions immediately.