CVE-2024-9680NVD

Vulnerability Summary

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Severity Level

CRITICAL(9.8)

Published Date

Oct 9, 2024

Last Modified

Nov 26, 2024

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-416: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://bugzilla.mozilla.org/show_bug.cgi?id=1923344
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039
https://www.mozilla.org/security/advisories/mfsa2024-51/
https://www.mozilla.org/security/advisories/mfsa2024-52/
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992
https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2024-9680NVD

Vulnerability Summary

External References