Mozilla updates Firefox and Thunderbird to fix zero-day vulnerabilities.

Mozilla Fixes Critical Zero-Day Vulnerability in Firefox and Thunderbird

Mozilla Firefox

Mozilla, the not-for-profit software developer, has addressed a critical zero-day vulnerability affecting its widely used Firefox web browser and Thunderbird email client. The flaw, identified as CVE-2023-4863, is a heap buffer overflow in the WebP code library. Simply opening a malicious WebP image could lead to a heap buffer overflow in the content process. Disturbingly, Mozilla has confirmed that this flaw has already been exploited in other software products in the wild.

To combat this security threat, Mozilla released emergency security updates for the following versions:

– Firefox 117.0.1
– Firefox ESR 115.2.1
– Firefox ESR 102.15.1
– Thunderbird 102.15.1
– Thunderbird 115.2.2

While the details of the actual attacks have not been shared, Mozilla strongly advises all users to update their versions of Firefox and Thunderbird immediately. By doing so, users can protect themselves from potential exploits and ensure the safety of their browsing and email activities.

Google Chrome

It is worth noting that Mozilla was not the only software developer affected by this vulnerability. Google also utilized the vulnerable WebP code library version in its Chrome web browser. As a result, Google promptly released a patch for Chrome on Monday, warning that an exploit for CVE-2023-4863 was already in circulation. These security updates have been gradually rolling out and are expected to cover all Chrome users in the coming weeks, securing their browsing experience.

The discovery of this vulnerability can be attributed to Apple’s Security Engineering and Architecture team, which initially reported the flaw on September 6th, working in collaboration with The Citizen Lab at the University of Toronto’s Munk School. Apple and Citizen Lab have gained prominence for their track record in identifying and disclosing zero-day vulnerabilities.

Recently, Citizen Lab made headlines when it exposed two zero-day vulnerabilities employed by the notorious NSO Group’s Pegasus mercenary spyware campaign against up-to-date iPhones. Apple swiftly reacted by patching these vulnerabilities and subsequently backporting the fixes to older iPhone models like the iPhone 6s, iPhone 7, and iPhone SE.

It is reassuring to see industry leaders taking swift action to address vulnerabilities and protect users from potential threats. In a rapidly evolving digital landscape, such collaborative efforts between technology giants and research institutions are essential for identifying and mitigating potential security risks.

Remember, keeping your software up to date is crucial to ensuring the security of your devices and personal data. So, make sure to update your Firefox and Thunderbird installations as soon as possible to stay protected.