Security News > 2023 > September > Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.
"Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild," Mozilla said in an advisory published on Tuesday.
Users are strongly advised to install updated versions of Firefox and Thunderbird to safeguard their systems against potential attacks.
On Thursday, Apple also patched two zero-days tagged by Citizen Lab as exploited in the wild as part of an exploit chain dubbed BLASTPASS to deploy NSO Group's Pegasus mercenary spyware onto fully patched iPhones.
Google fixes another Chrome zero-day bug exploited in attacks.
Browser developers push back on Google's "Web DRM" WEI API. Apple fixes new zero-day used in attacks against iPhones, Macs.
News URL
Related news
- Mozilla fixes Firefox zero-days exploited at hacking contest (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- SAP fixes suspected Netweaver zero-day exploited in attacks (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)