Critical Mozilla security updates following Chromium exploit

Home / Threat Intelligence bulletins / Critical Mozilla security updates following Chromium exploit

Target Industry 

Indiscriminate, opportunistic targeting. 

Overview  

Mozilla has released critical security updates for Firefox and Thunderbird addressing the issue CVE-2023-5217, which was first discovered as a Google Chrome vulnerability. The bug allows an attacker to exploit a VP8 media stream, creating a heap buffer overflow. 

Impact 

Successful exploitation of this vulnerability will result in a remote attacker creating a heap buffer overflow. This can lead to data corruption, information leakage from memory, and arbitrary code execution. 

Vulnerability Detection 

Instances of Firefox that predate the latest security update (Firefox 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1, Thunderbird 115.3.1) are vulnerable to this issue. 

Affected Products 

Firefox, Firefox ESR, Firefox Focus for Android, Firefox for Android and Thunderbird. 

Containment, Mitigations & Remediations 

All instances of Firefox and Thunderbird should be updated with the latest security patches as a matter of urgency to protect against this critical vulnerability. As this issue has affected other web browsers such as Chrome, they should also be updated to the latest versions to address this issue. 

Indicators of Compromise 

No specific Indicators of Compromise (IoCs) are available currently. However, unexpected crashes, abnormal memory usage, and anomalies in network traffic and logs, could potentially indicate compromise from exploitation of this vulnerability on systems with outdated versions of Firefox. 

Threat Landscape 

Mozilla occupies a significant proportion of the desktop browser market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to develop exploits for, browsers are a prime target. Due to the fact that these products are an integral aspect of personal and business operations, threat actors will continue to exploit vulnerabilities within these products in an attempt to exfiltrate sensitive data contained therein. 

Due to the trend of frequent vulnerability discoveries within prominent browser products, it has been assessed to be highly likely that cyber threat actors will continue to exploit these security issues to achieve their objectives. It is therefore critical that associated security updates are applied as a matter of urgency. 

Threat Group 

No attribution to specific threat actors or groups has been identified at the time of writing. 

Mitre Methodologies 

TA0002 – Execution 

Further Information 

Mozilla Foundation Security Advisory 2023-44 

CVE Record | CVE 

 

An Intelligence Terminology Yardstick to showing the likelihood of events