Mozilla has released emergency security updates for its Firefox web browser and Thunderbird email client to patch a critical zero-day vulnerability that is being exploited in attacks.
The vulnerability, tracked as CVE-2023-4863, is a use-after-free bug in the WebP image format decoder. Attackers can exploit this bug to execute arbitrary code on vulnerable systems.
“Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild,” Mozilla said in an advisory published on Tuesday.
The fix ships in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.
Users are strongly advised to install these updates as soon as possible to protect their systems from attack.
Bijay Pokharel