Mozilla, the developer of the Firefox browser, released a security update on Tuesday to address a serious zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, the Daily Planet reported. The issue is fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1 and Thunderbird 115.2.2, and users are advised to upgrade promptly.
The vulnerability, identified as CVE-2023-4863, is a heap buffer overflow in the WebP image format that may lead to arbitrary code execution when specially crafted images are processed. According to the description in the U.S. National Vulnerability Database, it may allow a remote attacker to perform an out-of-bounds memory write through a specially crafted HTML page.
As reported yesterday, Google revealed in a security bulletin released on Monday that it is aware that the CVE-2023-4863 zero-day vulnerability has been exploited in the wild. The new version is currently rolling out to users in the Stable and Extended Stable channels, and is expected to reach the entire user base in the coming days and weeks.