
Patch Alert! Exploited Zero-Day Vulnerability – Firefox Updates


On Tuesday, Mozilla issued security updates to address a critical zero-day vulnerability in Firefox and Thunderbird. This vulnerability had been actively exploited by malicious actors in the wild. Google had also released a fix for the same issue in its Chrome browser the day before.

This weakness, CVE-2023-4863, pertains to a heap buffer overflow issue within the WebP image format. If a specially crafted image is processed, it could lead to arbitrary code execution.

What could happen?

Mozilla warned that opening a malicious WebP image could trigger a heap buffer overflow in the content process, and said it was aware of the issue being exploited in other products.

The National Vulnerability Database (NVD) described this flaw as potentially allowing a remote attacker to perform an out-of-bounds memory write through a crafted HTML page.

Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at the University of Toronto’s Munk School reported this security concern. Mozilla addressed it in various versions, including Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.
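To turn the list of fixed releases above into a fleet check, here is an added example (not code from Mozilla or from this article) that flags installs older than the fixed build on their branch. The product keys, host names and inventory rows are constructed, and it assumes that a major version newer than every listed branch already carries the fix.

```python
# Added example (not from the article): compare installed versions with the
# fixed releases listed above. Product keys and the inventory are constructed.
FIXED = {
    ("firefox", 117): (117, 0, 1),
    ("firefox-esr", 115): (115, 2, 1),
    ("firefox-esr", 102): (102, 15, 1),
    ("thunderbird", 115): (115, 2, 2),
    ("thunderbird", 102): (102, 15, 1),
}


def parse_version(text):
    """Turn '117.0' or '115.2.1esr' into a 3-tuple of ints, zero-padded."""
    cleaned = text.strip().lower().removesuffix("esr")
    parts = cleaned.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def status(product, version_text):
    """Return 'patched' or 'update' for one installed product."""
    branches = sorted(major for name, major in FIXED if name == product)
    if not branches:
        raise ValueError(f"unknown product: {product!r}")
    version = parse_version(version_text)
    if version[0] in branches:
        return "patched" if version >= FIXED[(product, version[0])] else "update"
    # Assumption: a major version newer than every listed branch includes the
    # fix; any other unlisted branch has no fixed build and must move forward.
    return "patched" if version[0] > branches[-1] else "update"


def needs_update(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if status(row[1], row[2]) == "update"]


# Constructed sample inventory.
INVENTORY = [
    ("ws-01", "firefox", "117.0"),
    ("ws-02", "firefox", "117.0.1"),
    ("ws-03", "firefox-esr", "115.2.0esr"),
    ("ws-04", "thunderbird", "115.2.2"),
    ("ws-05", "thunderbird", "102.15.0"),
]

if __name__ == "__main__":
    for host, product, version in needs_update(INVENTORY):
        print(f"{host}: {product} {version} predates the fixed release")
```

Release and ESR builds of Firefox can share a major version number, so the channel has to come from the inventory source rather than from the version string alone.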

Have we seen it earlier?

Google had already released fixes for the same vulnerability in Chrome, acknowledging the existence of an exploit for CVE-2023-4863 in the wild.

Last week, Apple also released updates to patch two actively exploited security vulnerabilities, which the Citizen Lab identified as part of a zero-click iMessage exploit chain called BLASTPASS.

Be mindful of Zero-day Vulnerabilities

The recent discovery of a critical zero-day vulnerability, CVE-2023-4863, affecting popular applications such as Firefox, Thunderbird, and Chrome raises serious concerns in the cybersecurity community.

Heap buffer overflow flaws, like the one identified in the WebP image format, have the potential for devastating consequences, allowing attackers to execute arbitrary code through specially crafted images. 

Notably, the swift response from Mozilla and Google in releasing patches is commendable, highlighting the importance of timely updates. The fact that this vulnerability was actively exploited in the wild underscores the ever-present danger posed by cyber threats. 

Be wise, be secure!

Author: Anas Hasan

Date: September 13, 2023


Anas Hassan is a tech geek and cybersecurity enthusiast. He has vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.
