December 1, 2023

Mozilla has issued updates to its Firefox web browser and Thunderbird email client that fix a zero-day flaw being actively exploited.

Mozilla described the issue, labeled “CVE-2023-4863: Heap buffer overflow in libwebp,” in an advisory:

Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.

The following versions have the fix:

Firefox 117.0.1
Firefox ESR 102.15.1
Firefox ESR 115.2.1
Thunderbird 102.15.1
Thunderbird 115.2.2

As Mozilla points out, the issue is with the WebP library, which is also used by competing web browsers. That is no doubt what Mozilla is referencing when it says the issue is “being exploited in other products.”

Needless to say, all users should update immediately.
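To check a fleet against the fixed versions listed above, the following added example (not from Mozilla or the original article) classifies each installed build per branch. The inventory format, host names, the `esr` version suffix convention and the function names are assumptions made for illustration; branches the list does not cover are reported as unknown rather than guessed.

```python
import re

# Fixed versions exactly as listed in the article, keyed by (product, branch).
FIXED = {
    ("firefox", "release"): (117, 0, 1),
    ("firefox", "esr102"): (102, 15, 1),
    ("firefox", "esr115"): (115, 2, 1),
    ("thunderbird", "102"): (102, 15, 1),
    ("thunderbird", "115"): (115, 2, 2),
}

def parse_version(text):
    """Return ((major, minor, patch), is_esr) for strings like '115.2.1esr'."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.group(1, 2, 3)), m.group(4) is not None

def status(product, version):
    """Classify one install as 'patched', 'vulnerable' or 'unknown'."""
    product = product.lower()
    nums, is_esr = parse_version(version)
    if product == "firefox":
        # ESR builds are compared only against the fix for their own branch.
        branch = f"esr{nums[0]}" if is_esr else "release"
    else:
        branch = str(nums[0])  # Thunderbird fixes are listed per major version
    fixed = FIXED.get((product, branch))
    if fixed is None:
        return "unknown"  # product or branch not in the article's list
    return "patched" if nums >= fixed else "vulnerable"

# Constructed sample inventory: "<host> <product> <version>" per line.
INVENTORY = """\
ws-01 firefox 117.0.1
ws-02 firefox 116.0.3
ws-03 firefox 115.2.0esr
ws-04 firefox 102.15.1esr
ws-05 thunderbird 115.2.0
ws-06 firefox 91.13.0esr
"""

def audit(inventory):
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return {host: status(product, version) for host, product, version in rows}

if __name__ == "__main__":
    for host, state in audit(INVENTORY).items():
        print(host, state)
```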