Critical Zero-Day Exploit in Mozilla Firefox and Thunderbird

Summary

Mozilla releases a security update to address a Critical zero-day vulnerability in Mozilla Firefox and Thunderbird


Threat details

Introduction

Mozilla has released a security update to address a critical-severity zero-day vulnerability in Mozilla Firefox and Thunderbird. This vulnerability, known as CVE-2023-4863, can be exploited via a maliciously crafted WebP image, leading to a denial-of-service (DoS) condition or arbitrary code execution on affected systems.

Exploitation of CVE-2023-4863

CVE-2023-4863 is a vulnerability related to the WebP codec used within multiple software packages, including Mozilla Firefox, Mozilla Thunderbird, Google Chrome, Microsoft Edge and many others.

Exploitation of this vulnerability in the wild has been reported across a variety of products, including Mozilla Firefox and Thunderbird.

An exploitation proof-of-concept has also been publicly released. Further exploitation is likely.


Threat updates

Date | Update
22 Sep 2023 | Exploitation proof-of-concept publicly released

This cyber alert has been updated to reflect this change.


Remediation advice

Affected organisations are encouraged to review the Mozilla Foundation Security Advisory 2023-40 and apply the relevant updates.



Last edited: 22 September 2023 2:37 pm