Home / Threat Intelligence bulletins / Critical zero-day vulnerability discovered in Mozilla Firefox and Thunderbird 

Target Industry 

Indiscriminate, opportunistic targeting. 


Mozilla has released security updates to remediate a critical severity level zero-day vulnerability in Firefox and Thunderbird. The security flaw, tracked as CVE-2023-4863, has been actively exploited in the wild and relates to a heap buffer overflow issue in the WebP image format that could result in the implementation of arbitrary code execution when processing a specially crafted image. 


Successful exploitation of CVE-2023-4863 could allow a remote threat actor to perform an out-of-bounds memory write via a crafted HTML page, thus likely resulting in the compromise in the integrity of data on target systems. 

Vulnerability Detection 

Security updates for CVE-2023-4863 have been released by Mozilla. Previous product versions therefore remain vulnerable to potential exploitation. 

Affected Products 

  • Mozilla Firefox and Thunderbird 

Containment, Mitigations & Remediations 

Users are strongly recommended to apply the relevant security updates as soon as possible. The vulnerability has been addressed in the following product versions: 

  • Firefox version 117.0.1 
  • Firefox ESR version 115.2.1 
  • Firefox ESR version 102.15.1 
  • Thunderbird version 102.15.1 
  • Thunderbird version 115.2.2 

Indicators of Compromise 

No specific Indicators of Compromise (IoCs) are available currently. 

Threat Landscape 

Mozilla occupies a significant proportion of the desktop browser market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to develop exploits for, browsers are a prime target. Due to the fact that these products are an integral aspect of personal and business operations, threat actors will continue to exploit vulnerabilities these within these products in an attempt to exfiltrate sensitive data contained therein.  

 CVE-2023-4863 was disclosed just 24 hours following Google releasing a fix for a zero-day Chrome browser flaw (please refer to the Quorum Cyber Threat Intelligence Security Bulletin for further details). Due to the trend of frequent vulnerability discoveries within prominent browser products, it has been assessed to be highly likely that cyber threat actors will continue to exploit these security issues to achieve their objectives. It is therefore critical that and associated security updates are applied as a matter of urgency.  

Threat Group 

No attribution to specific threat actors or groups has been identified at the time of writing.  

Mitre Methodologies 


TA0002 – Execution 

Further Information 

Mozilla Security Advisory 


An Intelligence Terminology Yardstick to showing the likelihood of events