Critical Zero-Day Exploit in Mozilla Firefox and Thunderbird
Summary
Mozilla has released a security update (Mozilla Foundation Security Advisory 2023-40) to address CVE-2023-4863, a critical-severity vulnerability in the WebP image decoding library used by Mozilla Firefox and Thunderbird. The flaw is being exploited in the wild and a public proof-of-concept exists.
Affected platforms
The following platforms are known to be affected:
- Mozilla Firefox (fixed in Firefox 117.0.1, Firefox ESR 115.2.1 and Firefox ESR 102.15.1)
- Mozilla Thunderbird (fixed in Thunderbird 115.2.2 and Thunderbird 102.15.1)
Threat details
Introduction
Mozilla has released a security update to address a critical-severity zero-day vulnerability affecting Mozilla Firefox and Thunderbird. The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow in libwebp, the library both products use to decode WebP images. A maliciously crafted WebP image, delivered for example as a web page element or an e-mail attachment, can trigger the overflow and lead to a crash (denial of service) or arbitrary code execution on affected systems.
Exploitation of CVE-2023-4863
CVE-2023-4863 is a vulnerability in libwebp, the WebP codec library bundled by many software packages, including Mozilla Firefox, Mozilla Thunderbird, Google Chrome, Microsoft Edge and many others. Any application that decodes untrusted WebP images with a vulnerable copy of the library is exposed, regardless of vendor.
Exploitation of this vulnerability in the wild has been reported. Mozilla's advisory states that the issue is being exploited in other products that share the same library; Firefox and Thunderbird decode WebP with the same code and are therefore at risk.
An exploitation proof-of-concept has also been publicly released, which lowers the effort required to weaponise the flaw. Further exploitation is likely.
Threat updates
| Date | Update |
|---|---|
| 22 Sep 2023 | Exploitation proof-of-concept publicly released. This cyber alert has been updated to reflect this change. |
Remediation advice
Affected organisations are encouraged to review the Mozilla Foundation Security Advisory 2023-40 and apply the relevant updates without delay. Both the release and ESR branches of Firefox, and both supported branches of Thunderbird, received fixes, so the installed version must be compared against the fixed version for its own branch rather than against a single number. Organisations that pin older ESR builds should confirm that their endpoint management tooling reports the post-fix version.
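The following script is an added example, not part of this alert or of Mozilla's advisory, showing one way to verify that the installed Firefox or Thunderbird build is at or above the fixed version for its branch. The fixed version numbers are those published in MFSA 2023-40; the rule that any 102.x or 115.x build is treated as an ESR-branch build and compared against that branch's fix, and that any other Firefox major is compared against 117.0.1, is this script's own assumption. The `firefox`/`thunderbird` binary names and the `--version` output format are also assumptions; the sample version strings in the comments are constructed.

```python
"""Check whether an installed Firefox or Thunderbird build carries the
MFSA 2023-40 fix for CVE-2023-4863.

Added example (not Mozilla's code). Fixed versions are from MFSA 2023-40;
the branch-mapping rule below is an assumption of this script.
"""
import re
import subprocess
from typing import Optional, Tuple

# Fixed versions from MFSA 2023-40, keyed by (product, branch). A branch of
# None means "release channel" and is mapped to the lowest fixed release.
FIXED = {
    ("firefox", 102): (102, 15, 1),      # Firefox ESR 102.15.1
    ("firefox", 115): (115, 2, 1),       # Firefox ESR 115.2.1
    ("firefox", None): (117, 0, 1),      # Firefox 117.0.1 (release)
    ("thunderbird", 102): (102, 15, 1),  # Thunderbird 102.15.1
    ("thunderbird", 115): (115, 2, 2),   # Thunderbird 115.2.2
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract major.minor[.patch] from strings such as
    'Mozilla Firefox 117.0' or '115.2.1esr' (constructed samples).
    A missing patch component is treated as 0."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_patched(product: str, version_text: str) -> Optional[bool]:
    """Return True if the build is at or above the fixed version for its
    branch, False if it is older, and None if the branch is not covered
    by the advisory (e.g. a Thunderbird major other than 102 or 115).

    Branch rule (assumption): a 102.x or 115.x build is compared against
    that ESR branch's fix; any other Firefox major is compared against
    117.0.1. This deliberately flags end-of-life majors such as 116.x
    as unpatched, since no fix was issued for them."""
    product = product.lower()
    ver = parse_version(version_text)
    branch = ver[0] if ver[0] in (102, 115) else None
    fixed = FIXED.get((product, branch))
    if fixed is None:
        return None
    return ver >= fixed


def installed_version(binary: str) -> Optional[str]:
    """Run '<binary> --version' and return its output, or None if the
    binary is absent or does not respond. Binary names are assumptions."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, timeout=30)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    for product in ("firefox", "thunderbird"):
        text = installed_version(product)
        if text is None:
            print(f"{product}: not found on PATH")
            continue
        state = is_patched(product, text)
        verdict = {True: "patched", False: "NOT patched", None: "unknown branch"}[state]
        print(f"{product}: {text} -> {verdict}")
```

The comparison is done on integer tuples rather than on the raw string so that 115.10.0 sorts after 115.2.1; a plain string comparison would get that wrong. On a fleet, the same `is_patched` check can be run over version strings exported from an inventory or endpoint management system instead of invoking the binaries locally.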
Definitive source of threat updates
Last edited: 22 September 2023 2:37 pm