CVE-2023-4863: Mozilla products 0-day vulnerability exploited in the wild

Mozilla vulnerability

CVE-2023-4863 is a critical vulnerability in the libwebp component of Mozilla Products that could allow a remote attacker to execute arbitrary code on the victim’s system. For those unfamiliar, libwebp is integral in handling WebP, an emerging raster graphics file format devised to replace the longstanding giants – JPEG, PNG, and GIF. This vulnerability is a heap buffer overflow, which occurs when a program writes more data to a memory buffer than it is allocated. This can cause the program to crash or, in some cases, execute arbitrary code. This flaw also affected all based-chromium browsers.

The vulnerability affects Firefox versions prior to 117.0.1, Firefox ESR versions prior to 115.2.1, and Thunderbird versions prior to 102.15.1 and 115.2.2. Mozilla has released patches for this vulnerability, so users are advised to update their browsers as soon as possible.

Mozilla wrote: “Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.” This candid statement underscores the severity and active threat the vulnerability poses.

The attack vector for this vulnerability is opening a malicious WebP image. When Firefox or Thunderbird opens a WebP image, it calls the libwebp library to decode the image. The vulnerability exists in the way that libwebp decodes certain WebP images. If a malicious actor can trick a victim into opening a malformed WebP image, they could exploit the vulnerability to execute arbitrary code on the victim’s system.

Apple’s Security Engineering and Architecture (SEAR) team, along with The Citizen Lab at The University of Toronto’s Munk School, were instrumental in unearthing and reporting it to Mozilla.

Mozilla has not yet released any details about the attack, but they are aware that it is being exploited in the wild. This means that it is important for users to update their browsers as soon as possible to protect themselves from this vulnerability.

Here are some tips for staying safe from this vulnerability:

  • Update your browsers to the latest version as soon as possible.
  • Be careful about opening WebP images from untrusted sources.
  • Use a security solution that can detect and block malicious WebP images.