Mozilla patches Firefox and Thunderbird against zero-day exploits

Mozilla fixed a critical zero-day vulnerability affecting its Firefox web browser and Thunderbird email client via emergency security updates.

The security flaw in question — CVE-2023-4863 — stemmed from a heap buffer overflow in the WebP code library.

“Opening a malicious WebP image could lead to a heap buffer overflow in the content process,” Mozilla said in an advisory published on Tuesday, adding: “We are aware of this issue being exploited in other products in the wild.”

The not-for-profit software developer addressed the zero-day vulnerability in the following releases:

  • Firefox 117.0.1
  • Firefox ESR 115.2.1
  • Firefox ESR 102.15.1
  • Thunderbird 102.15.1
  • Thunderbird 115.2.2

Details of how the WebP flaw is being used in attacks have not been shared, but users have been strongly advised to update their versions of Firefox and Thunderbird.
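A fleet-inventory check against the fixed versions listed above, as an added example that is not part of the original article. The product labels (`firefox`, `firefox-esr`, `thunderbird`), host names and inventory rows are constructed, and treating a branch newer than every listed one as patched is an assumption.

```python
import re

# Fixed builds for CVE-2023-4863 as listed in the article, keyed by major branch.
# The product labels are this example's own naming, not Mozilla identifiers.
FIXED = {
    "firefox": {117: (117, 0, 1)},
    "firefox-esr": {115: (115, 2, 1), 102: (102, 15, 1)},
    "thunderbird": {115: (115, 2, 2), 102: (102, 15, 1)},
}

def parse_version(text):
    """Parse '117.0', '115.2.1' or '115.2.1esr' into a 3-tuple, zero-padded."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def classify(product, version):
    """Return 'patched', 'vulnerable' or 'no-fix-listed' for one installation."""
    branches = FIXED[product]
    v = parse_version(version)
    fixed = branches.get(v[0])
    if fixed is not None:
        return "patched" if v >= fixed else "vulnerable"
    if v[0] > max(branches):
        # Assumption: a branch newer than every listed one shipped after the fix.
        return "patched"
    # Older or in-between branch: the article lists no fixed build for it.
    return "no-fix-listed"

def needs_update(inventory):
    """Return (host, product, version, status) for every row that is not patched."""
    rows = [(h, p, v, classify(p, v)) for h, p, v in inventory]
    return [row for row in rows if row[3] != "patched"]

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("ws-01", "firefox", "117.0.1"),
    ("ws-02", "firefox", "117.0"),
    ("ws-03", "firefox-esr", "115.2.0esr"),
    ("ws-04", "thunderbird", "102.15.1"),
    ("ws-05", "thunderbird", "115.2.1"),
    ("ws-06", "firefox", "116.0.3"),
]

if __name__ == "__main__":
    for row in needs_update(SAMPLE):
        print(*row)
```

Rows reported as `no-fix-listed` are on a branch for which the article names no fixed build, so the remedy is moving to one of the listed releases.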

Google already patched Chrome

Mozilla software was not alone in using the vulnerable WebP code library version.

Google patched its Chrome web browser on Monday while warning that “an exploit for CVE-2023-4863 exists in the wild.” Its security updates have been rolling out and are expected to cover its entire user base in the weeks ahead.

Apple and The Citizen Lab identified the flaw

Apple’s Security Engineering and Architecture team first reported the flaw on Sept. 6, alongside The Citizen Lab at the University of Toronto’s Munk School — the latter famous for identifying and disclosing zero-day vulnerabilities.

Citizen Lab recently identified two zero-day vulnerabilities used to deploy NSO Group’s infamous Pegasus mercenary spyware onto up-to-date iPhones. Apple patched the vulnerabilities last week before backporting them to older iPhone models — such as the iPhone 6s, iPhone 7 and iPhone SE.


Elsa is a veteran blockchain and cryptocurrency writer. She previously wrote for Bitcoinist and NewsBTC.
