Security News > 2023 > September > Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.
"Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild," Mozilla said in an advisory published on Tuesday.
Users are strongly advised to install updated versions of Firefox and Thunderbird to safeguard their systems against potential attacks.
On Thursday, Apple also patched two zero-days tagged by Citizen Lab as exploited in the wild as part of an exploit chain dubbed BLASTPASS to deploy NSO Group's Pegasus mercenary spyware onto fully patched iPhones.
Google fixes another Chrome zero-day bug exploited in attacks.
Browser developers push back on Google's "Web DRM" WEI API. Apple fixes new zero-day used in attacks against iPhones, Macs.
News URL
Related news
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language (source)
- Mozilla Revises Firefox Terms of Use After Inflaming Users Over Data Usage (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)