Mozilla has released emergency security updates for its Firefox web browser and Thunderbird email client to patch a critical zero-day vulnerability that is being exploited in attacks.

The vulnerability, tracked as CVE-2023-4863, is a use-after-free bug in the WebP image format decoder. Attackers can exploit this bug to execute arbitrary code on vulnerable systems.


“Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild,” Mozilla said in an advisory published on Tuesday.

Mozilla has fixed the vulnerability in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.

Users are strongly advised to install these updates as soon as possible to protect their systems from attack.
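To confirm that machines have actually picked up the fix, the check below compares reported version strings against the fixed versions listed above. It is an added example, not Mozilla's tooling: the host names and inventory are constructed, the input is assumed to look like `firefox --version` output, and builds on a newer major branch than the newest one listed are assumed to include the fix.

```python
import re

# Fixed versions as listed in the article, keyed by product and major branch.
FIXED = {
    "firefox": {102: (102, 15, 1), 115: (115, 2, 1), 117: (117, 0, 1)},
    "thunderbird": {102: (102, 15, 1), 115: (115, 2, 2)},
}

VERSION_RE = re.compile(r"(firefox|thunderbird)\s+(\d+(?:\.\d+){0,2})", re.I)


def parse_version_line(line):
    """Return (product, (major, minor, patch)) from a `--version` style line."""
    m = VERSION_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised version string: {line!r}")
    parts = [int(p) for p in m.group(2).split(".")]
    parts += [0] * (3 - len(parts))  # "118.0" -> (118, 0, 0)
    return m.group(1).lower(), tuple(parts)


def is_patched(line):
    """True if the build is at or above the fixed version for its branch."""
    product, version = parse_version_line(line)
    branches = FIXED[product]
    major = version[0]
    if major in branches:
        return version >= branches[major]
    # No fix is listed for this branch (e.g. Firefox 116.x). Assumption: only
    # builds newer than the newest fixed branch already contain the fix.
    return major > max(branches)


def unpatched(inventory):
    """Return the sorted host names whose reported build still needs the update."""
    return sorted(h for h, line in inventory.items() if not is_patched(line))


SAMPLE = {  # constructed inventory: host -> reported version string
    "ws-01": "Mozilla Firefox 117.0.1",
    "ws-02": "Mozilla Firefox 116.0.3",
    "ws-03": "Mozilla Firefox 115.2.0esr",
    "ws-04": "Mozilla Thunderbird 115.2.2",
    "ws-05": "Mozilla Thunderbird 102.15.0",
}

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```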
