Detections
Analytics
CVE-2024-9680
critical
Description
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
References
https://therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
https://www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/
https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html
https://www.securityweek.com/recent-firefox-zero-day-exploited-against-tor-browser-users/
https://therecord.media/recently-patched-firefox-bug-being-used-against-tor-browser-users
https://therecord.media/mozilla-fixes-critical-firefox-bug-exploited-by-hackers
https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html
https://securityaffairs.com/169590/security/mozilla-firefox-actively-exploited-flaw.html
https://www.mozilla.org/security/advisories/mfsa2024-52/
https://www.mozilla.org/security/advisories/mfsa2024-51/
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039
https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html