Mozilla has released emergency security updates for its Firefox web browser and Thunderbird email client to patch a critical zero-day vulnerability that is being exploited in attacks.

The vulnerability, tracked as CVE-2023-4863, is a use-after-free bug in the WebP image format decoder. Attackers can exploit this bug to execute arbitrary code on vulnerable systems.

“Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild,” Mozilla said in an advisory published on Tuesday.

Mozilla has fixed the vulnerability in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.

Users are strongly advised to install these updates as soon as possible to protect their systems from attack.
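
To confirm that the updates have actually landed across a fleet, the version strings collected from endpoints can be checked against the fixed releases listed above. The script below is an added example, not Mozilla's tooling; the input format (a product name followed by a version, with an `esr` suffix on ESR builds) and the sample inventory lines are assumptions constructed for illustration.

```python
import re

# Fixed releases named in the article. ESR and Thunderbird builds are matched
# per branch (major version); regular Firefox has a single minimum version.
FIXED = {
    ("firefox", "release"): (117, 0, 1),
    ("firefox", 115): (115, 2, 1),
    ("firefox", 102): (102, 15, 1),
    ("thunderbird", 102): (102, 15, 1),
    ("thunderbird", 115): (115, 2, 2),
}

# Assumed inventory format, e.g. "Mozilla Firefox 115.2.0esr".
VERSION_RE = re.compile(
    r"(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+){0,2})(esr)?", re.I
)

def classify(line):
    """Return 'patched', 'vulnerable', 'no-fix-listed' or 'unparsed'."""
    m = VERSION_RE.search(line)
    if not m:
        return "unparsed"
    product = m.group(1).lower()
    parts = [int(p) for p in m.group(2).split(".")]
    version = tuple(parts + [0] * (3 - len(parts)))  # pad "117.0" to (117, 0, 0)
    if product == "firefox" and not m.group(3):
        key = ("firefox", "release")
    else:
        key = (product, version[0])
    floor = FIXED.get(key)
    if floor is None:
        # Branch not named in the article: flag for manual review.
        return "no-fix-listed"
    return "patched" if version >= floor else "vulnerable"

if __name__ == "__main__":
    # Constructed sample inventory, not real endpoint data.
    inventory = [
        "host-a  Mozilla Firefox 117.0",
        "host-b  Mozilla Firefox 115.2.1esr",
        "host-c  Mozilla Thunderbird 102.15.0",
        "host-d  Mozilla Firefox 91.13.0esr",
    ]
    for entry in inventory:
        print(f"{entry:45} {classify(entry)}")
```

Hosts reported as `no-fix-listed` run a branch for which the article names no fixed release and need to be reviewed by hand.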
