Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser.
The shortcoming, assigned the identifier CVE-2023-4863, is a heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution when processing a specially crafted image.
“Opening a malicious WebP image could lead to a heap buffer overflow in the content process,” Mozilla said in an advisory. “We are aware of this issue being exploited in other products in the wild.”
According to the description on the National Vulnerability Database (NVD), the flaw could allow a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto’s Munk School have been credited with reporting the security issue. It has been resolved in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.
The development comes a day after Google released fixes for the same flaw in Chrome, noting it is “aware that an exploit for CVE-2023-4863 exists in the wild.”
Last week, Apple also released patches to plug two actively exploited security holes that the Citizen Lab said have been weaponized as part of a zero-click iMessage exploit chain named BLASTPASS to deploy the Pegasus spyware on fully-patched iPhones running iOS 16.6.
While specific details regarding the flaws’ exploitation remain unknown, it is suspected that they are all being leveraged to target people who are at an elevated risk, such as activists, dissidents, and journalists.
Some parts of this article are sourced from:
thehackernews.com