Critical Firefox Vulnerability: Update Your Browser Now!

10.10.2024

 

Mozilla has disclosed a critical security vulnerability affecting Firefox and Firefox Extended Support Release (ESR) that is currently being actively exploited in the wild. The flaw, identified as CVE-2024-9680, is a use-after-free bug within the Animation timeline component.

According to Mozilla, the vulnerability allows attackers to execute code within the content process by exploiting this specific bug. In a security advisory released on Wednesday, Mozilla confirmed that there have been reports of the flaw being actively exploited in real-world scenarios.

The vulnerability was discovered and reported by cybersecurity researcher Damien Schaeffer from Slovakian security company ESET. Mozilla has addressed the issue in several updated versions of its browser, including Firefox 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1.

While no details have been revealed about how the vulnerability is being used in attacks, it poses a significant risk. Exploits like these can lead to remote code execution and could be weaponized in a variety of ways, such as through watering hole attacks on targeted websites or drive-by downloads that lure users to malicious sites.

Mozilla strongly recommends users update to the latest version of Firefox to protect themselves from these active threats.

en_USEnglish