Security News > 2023 > September > Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks

Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
2023-09-12 21:32

Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.

"Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild," Mozilla said in an advisory published on Tuesday.

Users are strongly advised to install updated versions of Firefox and Thunderbird to safeguard their systems against potential attacks.

On Thursday, Apple also patched two zero-days tagged by Citizen Lab as exploited in the wild as part of an exploit chain dubbed BLASTPASS to deploy NSO Group's Pegasus mercenary spyware onto fully patched iPhones.

Google fixes another Chrome zero-day bug exploited in attacks.

Browser developers push back on Google's "Web DRM" WEI API. Apple fixes new zero-day used in attacks against iPhones, Macs.


News URL

https://www.bleepingcomputer.com/news/security/mozilla-patches-firefox-thunderbird-against-zero-day-exploited-in-attacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mozilla 29 13 631 583 266 1493