Advisory addresses one critical vulnerability

Threat ID:CC-4562

Threat Severity:Medium

Published:10 October 2024 3:51 PM

Summary

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 131.0.2

Mozilla Firefox

Versions: all prior to 115.16.1 and 128.3.1

Mozilla Firefox ESR

Threat details

Exploitation of CVE-2024-9680

Mozilla has observed exploitation of CVE-2024-9680 in the wild.

Introduction

Mozilla has released security updates to address one critical vulnerability in Firefox and Firefox ESR.

CVE-2024-9680 is a use-after-free vulnerability in Animation timelines and has a CVSSv3 score of 9.8. Exploitation could allow a remote, unauthenticated attacker to achieve code execution.

Remediation advice

Affected organisations are encouraged to review the Mozilla Foundation Security Advisory mfsa2024-51 and apply the relevant updates.

Definitive source of threat updates

https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/

CVE Vulnerabilities

StatusPublished

CVE-2024-9680An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, and Firefox ESR < 115.16.1.

Last edited: 10 October 2024 3:51 pm