Qatar Cyber Chiefs Warn on Mozilla RCE Bugs

  /     /     /  
Publicated : 23/11/2024   Category : security


Qatar Cyber Chiefs Warn on Mozilla RCE Bugs


The WebP vulnerability affects multiple browsers besides Firefox and Thunderbird, with active exploitation ongoing.



The National Cyber Security Agency in Qatar is warning Adobe users to urgently apply patches following the disclosure of vulnerabilities in Mozilla’s Firefox and Thunderbird, but did not mention other affected browsers.
The
vulnerability
(
CVE-2023-4863
, CVSS 8.8) is a critical heap buffer overflow in the WebP library that allows remote code execution, which affects three versions of Firefox and two Thunderbird releases. Other
browsers that support this library
, including Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari, are also affected; Google last week warned that the bug had been exploited in the wild as a zero day prior to patching.
WebP allows webmasters
and Web developers to create smaller, richer images to improve the users Web experience.
In a
tweet
, the Qatari agency recommended Mozilla browser users update, but didnt mention the other affected platforms — despite the fact that statistics show that Firefox has less than 1% of the
browser market share in Qatar
, while around 70% of users in the country use Chrome. This could suggest that active attacks specifically against Mozilla have been seen in the wild in the region, but the agency did not immediately return a request for confirmation of that from Dark Reading.
Mozillas advisory notes that exploitation in other software has been observed, but the advisory did not indicate that there had been successful attacks utilizing Firefox or Thunderbird, says Scott Caveza, staff research engineer at Tenable. Caveza confirms that both Apple and Google noted that exploitation in the wild has been observed: In the case of Apple, the vulnerability has reportedly been
utilized by the NSO Group
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Qatar Cyber Chiefs Warn on Mozilla RCE Bugs