"Qatar Cyber Chiefs Warn on Mozilla RCE Bugs"
Following the disclosure of vulnerabilities in Mozilla's Firefox and Thunderbird, the National Cyber Security Agency in Qatar urges Adobe users to apply patches. However, other affected browsers were not mentioned. The vulnerability, tracked as CVE-2023-4863 with a CVSS score of 8.8, is a critical heap buffer overflow in the WebP library. It enables Remote Code Execution (RCE) and affects three versions of Firefox and two Thunderbird releases. The vulnerability also impacts other browsers supporting this library, including Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. Google recently warned that the vulnerability had been exploited in the wild as a zero-day before being patched. WebP allows administrators and web developers to create smaller, more robust images to improve user experience. This article continues to discuss the WebP vulnerability affecting multiple browsers.
Dark Reading reports "Qatar Cyber Chiefs Warn on Mozilla RCE Bugs"