Mozilla fixes Firefox zero-day actively exploited in attacks

Teilen:

Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks.

The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines.

This type of flaw occurs when memory that has been freed is still used by the program, allowing malicious actors to add their own malicious data to the memory region to perform code execution.

Animation timelines, part of Firefox’s Web Animations API, are a mechanism that controls and synchronizes animations on web pages.

“An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines,” reads the security bulletin.

“We have had reports of this vulnerability being exploited in the wild.”

The vulnerability impacts the latest Firefox (standard release) and the extended support releases (ESR).

Fixes have been made available in the below versions, which users are recommended to upgrade to immediately:

  • Firefox 131.0.2
  • Firefox ESR 115.16.1
  • Firefox ESR 128.3.1

Given the active exploitation status for CVE-2024-9680 and the lack of any information on how people are targeted, upgrading to the latest versions is essential.

To upgrade to the latest version, launch Firefox and go to Settings -> Help -> About Firefox, and the update should start automatically. A restart of the program will be required for the changes to apply.

BleepingComputer has contacted both Mozilla and ESET to learn more about the vulnerability, how it’s being exploited, and against whom, and we will update this post when we receive more information.

Throughout 2024, so far, Mozilla had to fix zero-day vulnerabilities on Firefox only once.

On March 22, the internet company released security updates to address CVE-2024-29943 and CVE-2024-29944, both critical-severity issues discovered and demonstrated by Manfred Paul during the Pwn2Own Vancouver 2024 hacking competition.

Bill Toulas

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
10:37 am, Jan. 31, 2025
Wetter-Symbol 6°C
L: 6° | H: 7°
overcast clouds
Luftfeuchtigkeit: 92 %
Druck: 1023 mb
Wind: 3 mph S
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 100%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 7:40 am
Sonnenuntergang: 4:47 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 9:00 pm
Wetter-Symbol
6° | 7°°C 0.8 mm 80% 4 mph 98 % 1028 mb 0 mm/h
Tomorrow 9:00 pm
Wetter-Symbol
5° | 7°°C 0 mm 0% 8 mph 94 % 1029 mb 0 mm/h
So. Feb. 02 9:00 pm
Wetter-Symbol
4° | 8°°C 0 mm 0% 8 mph 83 % 1024 mb 0 mm/h
Mo. Feb. 03 9:00 pm
Wetter-Symbol
3° | 9°°C 0 mm 0% 8 mph 83 % 1026 mb 0 mm/h
Di. Feb. 04 9:00 pm
Wetter-Symbol
6° | 10°°C 0 mm 0% 11 mph 94 % 1027 mb 0 mm/h
Today 12:00 pm
Wetter-Symbol
6° | 6°°C 0.8 mm 80% 2 mph 92 % 1023 mb 0 mm/h
Today 3:00 pm
Wetter-Symbol
7° | 7°°C 0 mm 0% 4 mph 90 % 1023 mb 0 mm/h
Today 6:00 pm
Wetter-Symbol
6° | 6°°C 0 mm 0% 3 mph 93 % 1025 mb 0 mm/h
Today 9:00 pm
Wetter-Symbol
5° | 5°°C 0 mm 0% 3 mph 98 % 1028 mb 0 mm/h
Tomorrow 12:00 am
Wetter-Symbol
6° | 6°°C 0 mm 0% 5 mph 94 % 1028 mb 0 mm/h
Tomorrow 3:00 am
Wetter-Symbol
5° | 5°°C 0 mm 0% 4 mph 94 % 1029 mb 0 mm/h
Tomorrow 6:00 am
Wetter-Symbol
5° | 5°°C 0 mm 0% 3 mph 90 % 1029 mb 0 mm/h
Tomorrow 9:00 am
Wetter-Symbol
5° | 5°°C 0 mm 0% 4 mph 83 % 1029 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€100,322.66
-1.02%
Ethereum(ETH)
€3,141.22
1.55%
XRP(XRP)
€2.96
-1.14%
Fesseln(USDT)
€0.96
0.01%
Solana(SOL)
€226.66
-1.95%
USDC(USDC)
€0.96
0.00%
Dogecoin(DOGE)
€0.315112
-1.28%
Shiba Inu(SHIB)
€0.000018
0.06%
Pepe(PEPE)
€0.000013
-1.26%
Nach oben scrollen