A critical use-after-free vulnerability in Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks.
Mozilla has issued a warning about a critical zero-day vulnerability in Firefox, CVE-2024-9680, which is being actively exploited in cyberattacks. The flaw has a CVSS score of 9.8 and was reported by Damien Schaeffer from ESET.
The vulnerability is a use-after-free (UAF) flaw in the Animation timeline component of Firefox, in which attackers can access memory that has already been released.
This can lead to system crashes, privilege escalation, or remote code execution. Mozilla confirmed that the vulnerability is being exploited in real-world attacks, increasing its severity.
This flaw allows attackers to execute arbitrary code, compromising system security and potentially leading to further unauthorized access and data theft. Details on its use in real-world attacks are still unknown.
Fixes Available:
- Firefox 131.0.2
- Firefox ESR 115.16.1
- Firefox ESR 128.3.1
Users are strongly advised to apply these updates immediately due to the critical nature of the vulnerability and its active exploitation.
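For checking a fleet against the fixed versions listed above, the following is an added example, not Mozilla's or the original article's code. It compares each version against the fix for its own branch, since a patched ESR build such as 128.3.1 has a lower number than 131.0.2. The `esr` suffix in the version strings, the host names and the `review` status for ESR branches the article does not list are assumptions.

```python
import re

# Fixed versions from the article, keyed by ESR major branch.
ESR_FIXED = {115: (115, 16, 1), 128: (128, 3, 1)}
# Fixed version for the regular release channel.
RELEASE_FIXED = (131, 0, 2)

# Assumed input format: "<major>.<minor>[.<patch>][esr]", e.g. "128.3.0esr".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr) for a version string."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Firefox version found in {text!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, bool(m.group(4))


def status(text):
    """Classify a version string as 'patched', 'unpatched' or 'review'."""
    version, is_esr = parse_version(text)
    if is_esr:
        fixed = ESR_FIXED.get(version[0])
        if fixed is None:
            # ESR branch not listed in the article: flag it, do not guess.
            return "review"
    else:
        fixed = RELEASE_FIXED
    return "patched" if version >= fixed else "unpatched"


def audit(inventory):
    """Map each host to the status of its reported Firefox version."""
    return {host: status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and version strings).
    sample = {
        "ws-01": "Mozilla Firefox 131.0.2",
        "ws-02": "Mozilla Firefox 131.0",
        "ws-03": "Mozilla Firefox 128.3.0esr",
        "ws-04": "Mozilla Firefox 115.16.1esr",
    }
    for host, result in audit(sample).items():
        print(f"{host}: {result}")
```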