Mozilla Firefox Vulnerability: Code Execution through Animation Timelines
Key Information
- Vendor: Mozilla
- Status
- Firefox
- Firefox ESR
- Thunderbird
- CVE Published: 9 October 2024
Summary
The Mozilla Firefox emergency update was released to fix a vulnerability (CVE-2024-9680) being exploited in the wild. This is a use-after-free vulnerability in the browser's Animation timelines which has been exploited to achieve code execution in the content process. The severity of the vulnerability is highlighted by the impact ratings from the National Vulnerability Database (NVD), the Dutch national cyber center, and Italy's advisory, with all indicating high potential damage from a successful attack. The update patches are available for Firefox and Firefox ESR, and organizations are urged to upgrade as soon as possible to mitigate the risk of exploitation.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-9680 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Firefox < 131.0.2
Firefox ESR < 128.3.1
Firefox ESR < 115.16.1
News Articles
Vulnerabilities - The Shaco: Your Source for Infosec, Bug Bounties, and Tech News.
Explore The Shaco for cutting-edge insights into cybersecurity, ethical hacking, and infosec. Stay updated on bug bounties, technology news, and pro hacking tips to secure the digital world. Join a community dedicated to ethical hacking and advanced security practices.
3 weeks ago
CISA Adds 3 Known Exploited Vulnerabilities To Catalog
CISA highlights 3 new Known Exploited Vulnerabilities—CVE-2024-30088, CVE-2024-9680, and CVE-2024-28987—emphasizing the urgent need to act.
1 month ago
Mozilla fixes critical Firefox bug exploited in the wild
Mozilla has patched a serious security flaw in its Firefox web browser that the company said is being exploited by hackers.
1 month ago
Timeline
- 👾 Exploit exists.
- Vulnerability started trending.
- 🔥 Vulnerability reached the number 1 worldwide trending spot.
- First article discovered by SecurityWeek
- Vulnerability published.