
Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird


Sep 13, 2023 | THN | Vulnerability / Browser Security


Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser.

The shortcoming, assigned the identifier CVE-2023-4863, is a heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution when processing a specially crafted image.

“Opening a malicious WebP image could lead to a heap buffer overflow in the content process,” Mozilla said in an advisory. “We are aware of this issue being exploited in other products in the wild.”

According to the description on the National Vulnerability Database (NVD), the flaw could allow a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.

Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto’s Munk School have been credited with reporting the security issue. It has been addressed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.


The development comes a day after Google released fixes for the same flaw in Chrome, noting it is “aware that an exploit for CVE-2023-4863 exists in the wild.”

Last week, Apple also released patches to plug two actively exploited security holes that the Citizen Lab said have been weaponized as part of a zero-click iMessage exploit chain named BLASTPASS to deploy the Pegasus spyware on fully-patched iPhones running iOS 16.6.

While specific details regarding the flaws’ exploitation remain unknown, it is suspected that they are all being leveraged to target individuals who are at an elevated risk, such as activists, dissidents, and journalists.
