Qatar Cyber Chiefs Warn on Mozilla RCE Bugs

The National Cyber Security Agency in Qatar is warning Adobe users to urgently apply patches following the disclosure of vulnerabilities in Mozilla’s Firefox and Thunderbird, but did not mention other affected browsers.

The vulnerability (CVE-2023-4863, CVSS 8.8) is a critical heap buffer overflow in the WebP library that allows remote code execution, which affects three versions of Firefox and two Thunderbird releases. Other browsers that support this library, including Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari, are also affected; Google last week warned that the bug had been exploited in the wild as a zero day prior to patching. WebP allows webmasters and Web developers to create smaller, richer images to improve the user's Web experience.

In a tweet, the Qatari agency recommended Mozilla browser users update, but didn't mention the other affected platforms — despite the fact ...