Mozilla has issued urgent security updates today to address a critical zero-day vulnerability that has been actively exploited in the wild. This vulnerability affects both its Firefox web browser and Thunderbird email client.
Identified as CVE-2023-4863, this security flaw arises from a heap buffer overflow within the WebP code library (libwebp). Its potential consequences range from system crashes to the execution of arbitrary code.
Mozilla issued an advisory on Tuesday, stating, “Opening a malicious WebP image could trigger a heap buffer overflow in the content process. We are aware that this issue has been exploited in other products in real-world scenarios.”
