The Firefox web browser and Thunderbird email client were both affected by a major zero-day vulnerability that Mozilla released emergency security patches to address today.
The security hole, identified as CVE-2023-4863, is brought on by a heap buffer overflow in the WebP code library (libwebp), and it can lead to anything from crashes to arbitrary code execution.
“The content process may experience a heap buffer overflow if a malicious WebP image is opened. In a Tuesday advisory, Mozilla stated, “We are aware of this issue being abused in other products in the wild read more Mozilla patches Firefox and Thunderbird against zero-day exploited in attacks.
Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.