Firefox Zero-Day Vulnerability: Urgent Update Needed to Patch CVE-2024-9680
In a recent security advisory, the Mozilla Foundation has revealed a zero-day vulnerability in its popular web browser, Firefox. Identified as CVE-2024-9680, the flaw is a use-after-free in Firefox’s animation timelines that allows attackers to execute malicious code.
The vulnerability was reported by Damien Schaeffer from ESET, and Mozilla has urged all users to update their browsers immediately. “An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines,” Mozilla warns in its advisory. A use-after-free occurs when a program continues to use memory after it has been freed, which can lead to arbitrary code execution.
One of the most alarming aspects of CVE-2024-9680 is that it has been exploited in active cyberattacks. Mozilla confirms, “We have had reports of this vulnerability being exploited in the wild,” highlighting the urgency of patching affected systems.
Mozilla has already released patches to address the flaw in the following versions:
- Firefox 131.0.2
- Firefox ESR 115.16.1
- Firefox ESR 128.3.1
Users running older versions of Firefox or the Extended Support Release (ESR) are strongly advised to upgrade to these latest versions immediately to mitigate the risk of exploitation. Users can verify that they are on the latest version by navigating to the “About Firefox” section in their browser’s settings, which will trigger an automatic update if needed.
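For administrators checking more than one machine, the sketch below compares reported Firefox versions against the fixed versions listed above. It is an added example, not code from Mozilla or the advisory; it assumes version strings in the form printed by `firefox --version` with ESR builds carrying an `esr` suffix, and the host names and inventory lines are constructed.

```python
import re

# Fixed versions listed in the article for CVE-2024-9680.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}

# Version token at end of line, optionally suffixed "esr"; the lookbehind
# stops a beta string such as "132.0b3" from matching on its trailing digit.
VERSION_RE = re.compile(r"(?<![\w.])(\d+(?:\.\d+){0,2})(esr)?\s*$", re.IGNORECASE)


def parse_version(line):
    """Return ((major, minor, patch), is_esr), or None if the line does not parse."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "131.0" to (131, 0, 0)
    return tuple(parts), m.group(2) is not None


def needs_update(line):
    """True if below the fixed version, False if at or above it, None if unknown."""
    parsed = parse_version(line)
    if parsed is None:
        return None
    version, is_esr = parsed
    # ESR is compared within its own branch. Assumption: an ESR branch the
    # article does not list is measured against the release threshold.
    fixed = FIXED_ESR.get(version[0], FIXED_RELEASE) if is_esr else FIXED_RELEASE
    return version < fixed


def audit(inventory):
    """Map each host to 'UPDATE', 'ok' or 'unknown'."""
    labels = {True: "UPDATE", False: "ok", None: "unknown"}
    return {host: labels[needs_update(line)] for host, line in inventory}


# Constructed inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 131.0.2"),
    ("ws-02", "Mozilla Firefox 130.0.1"),
    ("ws-03", "Mozilla Firefox 115.16.1esr"),
    ("ws-04", "Mozilla Firefox 128.3.0esr"),
    ("ws-05", "Mozilla Firefox 132.0b3"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

An ESR build reported without the `esr` suffix is measured against 131.0.2 and flagged for update, so any misclassification errs toward patching; strings that do not parse are reported as unknown for manual review.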