CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

Critical Firefox Zero-Day Vulnerability Exploited in the Wild

By Leave a Comment
Critical Firefox Zero-Day Vulnerability Exploited in the Wild

Mozilla announced a critical vulnerability affecting its Firefox and Firefox ESR (Extended Support Release) browsers, which is being actively exploited in the wild.

The flaw, tracked as CVE-2024-9680, involves a use-after-free vulnerability in the Animation timeline subsystem. If left unpatched, this issue allows attackers to execute arbitrary code in the content process of the browser, potentially compromising user systems.

Discovery and exploitation

The vulnerability was discovered by Damien Schaeffer from ESET. In this case, a use-after-free flaw occurs when memory that has already been freed is accessed again, leading to unpredictable behavior. This type of flaw is particularly dangerous because it can be manipulated by attackers to achieve arbitrary code execution, often enabling them to run malicious code or install malware.

In the context of CVE-2024-9680, the issue lies within the handling of Animation timelines in Firefox. Attackers could potentially exploit this by crafting specially designed web content that interacts with the animation feature, triggering the use-after-free error and allowing them to execute malicious code on the victim’s device.

With Firefox serving hundreds of millions of users globally, the scope of this vulnerability is significant. Firefox ESR, widely used in enterprise environments and educational institutions for its long-term support features, is also affected. The critical nature of this vulnerability, combined with evidence of active exploitation, means that users are strongly urged to update immediately.

Affected Firefox versions and patch availability

Mozilla has issued patches for the following versions:

  • Firefox 131.0.2
  • Firefox ESR 128.3.1
  • Firefox ESR 115.16.1

These updates address the flaw and ensure the animation timeline subsystem no longer exposes users to potential code execution risks.

To upgrade the Firefox browser to the above versions, follow these steps:

  1. Open the Firefox menu by clicking the three horizontal lines in the top-right corner.
  2. Select Help and then About Firefox.
  3. Firefox will automatically check for updates and download the latest version.
  4. After downloading, click Restart to update Firefox.

About Alex Lekander

Alex is the founder and Editor-in-Chief of CyberInsider.com. His background and expertise includes digital privacy, security, and tech journalism. When he’s not working behind a screen, Alex is probably tinkering with a boat or enjoying the outdoors.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *