Get in Touch
Indiscriminate, opportunistic targeting.
Mozilla has released critical security updates for Firefox and Thunderbird addressing the issue CVE-2023-5217, which was first discovered as a Google Chrome vulnerability. The bug allows an attacker to exploit a VP8 media stream, creating a heap buffer overflow.
Successful exploitation of this vulnerability will result in a remote attacker creating a heap buffer overflow. This can lead to data corruption, information leakage from memory, and arbitrary code execution.
Instances of Firefox that predate the latest security update (Firefox 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1, Thunderbird 115.3.1) are vulnerable to this issue.
Firefox, Firefox ESR, Firefox Focus for Android, Firefox for Android and Thunderbird.
Containment, Mitigations & Remediations
All instances of Firefox and Thunderbird should be updated with the latest security patches as a matter of urgency to protect against this critical vulnerability. As this issue has affected other web browsers such as Chrome, they should also be updated to the latest versions to address this issue.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently. However, unexpected crashes, abnormal memory usage, and anomalies in network traffic and logs, could potentially indicate compromise from exploitation of this vulnerability on systems with outdated versions of Firefox.
Mozilla occupies a significant proportion of the desktop browser market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to develop exploits for, browsers are a prime target. Due to the fact that these products are an integral aspect of personal and business operations, threat actors will continue to exploit vulnerabilities within these products in an attempt to exfiltrate sensitive data contained therein.
Due to the trend of frequent vulnerability discoveries within prominent browser products, it has been assessed to be highly likely that cyber threat actors will continue to exploit these security issues to achieve their objectives. It is therefore critical that associated security updates are applied as a matter of urgency.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0002 – Execution