Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Qatar Cyber Chiefs Warn on Mozilla RCE Bugs

    justmattgBy justmattgSeptember 19, 2023No Comments2 Mins Read

    [ad_1]

    The National Cyber Security Agency in Qatar is warning Adobe users to urgently apply patches following the disclosure of vulnerabilities in Mozilla’s Firefox and Thunderbird, but did not mention other affected browsers.

    The vulnerability (CVE-2023-4863, CVSS 8.8) is a critical heap buffer overflow in the WebP library that allows remote code execution, which affects three versions of Firefox and two Thunderbird releases. Other browsers that support this library, including Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari, are also affected; Google last week warned that the bug had been exploited in the wild as a zero day prior to patching. WebP allows webmasters and Web developers to create smaller, richer images to improve the user’s Web experience.

    In a tweet, the Qatari agency recommended Mozilla browser users update, but didn’t mention the other affected platforms — despite the fact that statistics show that Firefox has less than 1% of the browser market share in Qatar, while around 70% of users in the country use Chrome. This could suggest that active attacks specifically against Mozilla have been seen in the wild in the region, but the agency did not immediately return a request for confirmation of that from Dark Reading.

    “Mozilla’s advisory notes that exploitation in other software has been observed, but the advisory did not indicate that there had been successful attacks utilizing Firefox or Thunderbird,” says Scott Caveza, staff research engineer at Tenable. Caveza confirms that both Apple and Google noted that exploitation in the wild has been observed: In the case of Apple, the vulnerability has reportedly been utilized by the NSO Group.

    Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

    Subscribe



    [ad_2]

    Source link

    Previous ArticleNational ID Returns to Somalia, Backed By Biometrics – Identity News Digest
    Next Article ShroudedSnooper’s HTTPSnoop Backdoor Targets Middle East Telecom Companies
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑