Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird


A day after Google fixed the problem in its Chrome browser, Mozilla on Tuesday provided security upgrades to address a severe zero-day vulnerability in Firefox and Thunderbird that has been extensively exploited in the wild.A heap buffer overflow bug in the WebP picture format, designated CVE-2023-4863, has the potential to lead to arbitrary code execution when processing a specifically created image.

Mozilla issued a warning: “Opening a malicious WebP image could result in a heap buffer overflow in the content process.” “We are aware that this problem is being abused in other products out there.” The National Vulnerability Database (NVD) states that the bug could enable a remote attacker to write out-of-bounds memory.

Read More…