On September 12, Mozilla released emergency patches to address a zero-day vulnerability affecting its Firefox browser and Thunderbird email client. The patches follow reports that the vulnerability is being exploited in the wild.
The flaw, designated CVE-2023-4863, is a heap buffer overflow in the WebP code library. Opening a malicious WebP image in an unpatched version of Firefox or Thunderbird could lead to arbitrary code execution, or to denial of service through crashes.
The flaw also affects other products that use the WebP code library. One such program is Google Chrome, for which Google has already released a patch to address the flaw.
Source: Bleeping Computer
Analysis
Web browsers are a popular target for threat actors because so much sensitive data passes through them. As the primary method used to access the internet, browsers handle sensitive information like account credentials and financial information.
Although it wasn’t stated by Mozilla, it’s likely that hackers exploited this vulnerability by sending phishing emails or directing targets to websites containing malicious WebP images. From there, threat actors could potentially download further malware to the victim’s device or steal sensitive information.
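Because the delivery path described above is simply getting a WebP file rendered by an unpatched client, a first triage step is to recognise WebP content by its container header rather than by file extension. The helper below is an added example written for this page, not code from Field Effect, Mozilla or the WebP project; it parses the RIFF/WEBP container, lists the chunk types present, and treats size fields that overrun the file as a malformed-container signal. The sample bytes are constructed and carry no real image data.

```python
import struct
from typing import List, Optional

# Constructed sample: a minimal WebP container holding one VP8L chunk (no real image data).
# Layout: 'RIFF' <u32 size> 'WEBP' then repeated [FourCC <u32 size> payload (+1 pad byte if odd)].
def _riff(chunks: bytes) -> bytes:
    return b"RIFF" + struct.pack("<I", 4 + len(chunks)) + b"WEBP" + chunks

def _chunk(fourcc: bytes, payload: bytes) -> bytes:
    pad = b"\x00" if len(payload) % 2 else b""   # RIFF chunks are padded to an even length
    return fourcc + struct.pack("<I", len(payload)) + payload + pad

SAMPLE_WEBP = _riff(_chunk(b"VP8L", b"\x2f\x00\x00\x00\x00"))  # 5-byte payload, so padded
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8                  # not WebP; should be ignored

def webp_chunks(data: bytes) -> Optional[List[str]]:
    """Return the chunk FourCCs if `data` is a WebP container, or None if it is not.

    Raises ValueError when a declared size overruns the available bytes; for triage
    purposes a WebP file that does not parse cleanly deserves a closer look.
    """
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        return None
    riff_len = struct.unpack_from("<I", data, 4)[0]
    end = 8 + riff_len
    if end > len(data):
        raise ValueError("RIFF size exceeds file size (truncated or malformed)")
    chunks, pos = [], 12
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        if pos + 8 + size > end:
            raise ValueError(f"chunk {fourcc!r} size {size} overruns container")
        chunks.append(fourcc.decode("ascii", "replace"))
        pos += 8 + size + (size & 1)              # skip payload plus pad byte
    return chunks

if __name__ == "__main__":
    print(webp_chunks(SAMPLE_WEBP))   # ['VP8L']
    print(webp_chunks(SAMPLE_PNG))    # None
```

Run it over files or mail attachments regardless of extension; a `.png` or `.jpg` name says nothing about whether the bytes are a WebP container.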
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software, such as Firefox and Thunderbird. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible.
Field Effect strongly encourages users of Mozilla’s Firefox and Thunderbird, as well as Google Chrome, to update to the latest versions as soon as possible.