CVE-2024-9680
Exploit Available

Mozilla Firefox Use-After-Free in Animation Timelines

Mozilla | CWE-416 | #Browser #Zero-Day #Use-After-Free #Code Execution
9.8 Critical (scale 0 to 10.0)

Vulnerability Description

A critical use-after-free vulnerability in Mozilla Firefox's Animation Timelines implementation allows an attacker to achieve code execution in the content process via a crafted web page. It was actively exploited as a zero-day in the wild.

Recommended Mitigation

Update Firefox to 131.0.2, Firefox ESR to 128.3.1, or Thunderbird to 131.0.1 immediately. This was a zero-day — immediate patching is critical.

Affected Products

Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird

Version constraint: Firefox < 131.0.2, Firefox ESR < 128.3.1, Thunderbird < 131.0.1

Quick Facts

Published: 2024-10-09
Last Modified: 2024-10-11
Vendor: Mozilla
CWE: CWE-416
Exploit: ⚠️ Public Exploit Exists

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H