Mozilla released an advisory this week warning users of a vulnerability affecting its popular web browser and email client.

Exploitation of the bug would allow a hacker to take control of an affected system, officials at the Cybersecurity and Infrastructure Security Agency (CISA) said in their own notice.

Tagged as CVE-2023-4863, the vulnerability was discovered by Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto, according to Mozilla.

Mozilla rated the vulnerability critical and said it is aware of it being exploited in other products in the wild. The company addressed the issue in patches to its Firefox, Firefox ESR and Thunderbird products.

  • notfromhere
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Why is this possible in browsers to begin with? We need a new generation of browsers that sandbox everything like little VMs a la QubesOS

    • slazer2au@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      They already do sandboxing, just sometimes things slip through the cracks and can break free of the sandbox.