Critical Zero-day Vulnerability in Mozilla Firefox & Thunderbird
13 September 2023
The Mozilla Foundation has released security updates addressing a critical zero-day vulnerability (CVE-2023-4863) in the WebP code library (libwebp). The vulnerability is reportedly being actively exploited.
Successful exploitation of the heap buffer overflow vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via a crafted HTML page.
The vulnerability affects the following products:
Firefox 117.0.1
Firefox Extended Support Release (ESR) 115.2.1 and 102.15.1
Thunderbird 102.15.1 and 115.2.2
Users of Mozilla Firefox and Thunderbird are advised to update to the latest versions immediately.
More information is available here:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863