Mozilla has released urgent security patches to rectify a critical zero-day vulnerability, identified as CVE-2023-4863, that has been exploited in the wild. This vulnerability affects the company's Firefox web browser and Thunderbird email client. The security flaw originates from a heap buffer overflow in the WebP code library (libwebp), and its consequences can range from system crashes to arbitrary code execution.

"Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild," Mozilla stated in a security advisory released on Tuesday.

The zero-day vulnerability, which has been exploited, was addressed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2. While specific details about the exploitation of the WebP flaw in attacks are yet to be revealed, it's clear that this critical vulnerability is being misused in real-world situations. Therefore, users are strongly encouraged to download the updated versions of Firefox and Thunderbird to protect their systems from potential attacks.

In the security advisory issued by Mozilla, the company revealed that the CVE-2023-4863 zero-day also affects other software that uses the vulnerable version of the WebP code library. This includes the Google Chrome web browser, which received a patch for this flaw on Monday.