Firefox Zero-Day Vulnerability Exploited: Update Your Browser Immediately

Mozilla has disclosed a critical security flaw affecting Firefox and Firefox Extended Support Release (ESR), which is currently being actively exploited.

The vulnerability, identified as CVE-2024-9680 with a CVSS score of 9.8, is a use-after-free bug in the Animation timeline component. According to Mozilla’s advisory on Wednesday, an attacker could execute code within the content process by exploiting this flaw.

Reports confirm the vulnerability has been exploited in the wild. Credit for discovering and reporting the issue goes to security researcher Damien Schaeffer from the Slovakian firm ESET.

The vulnerability has been patched in the following browser versions:

  • Firefox 131.0.2
  • Firefox ESR 128.3.1
  • Firefox ESR 115.16.1

How the vulnerability is being used in real-world attacks, and who the threat actors are, remains unknown. However, remote code execution vulnerabilities like this one can potentially be used in watering hole attacks targeting specific sites or through drive-by download campaigns that lure users into visiting malicious websites.

It is strongly recommended that users update to the latest version to protect against these active threats.
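To check a fleet against the fixed versions listed above, here is an added example (not from Mozilla or the original article) that classifies reported version strings per branch. It assumes strings in the form printed by `firefox --version`; the host names and sample lines are constructed, and ESR branches the article does not list are flagged for review rather than guessed.

```python
import re

# Fixed versions as listed in the article.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}  # keyed by ESR major branch

# Assumed input format: "Mozilla Firefox 128.3.0esr" or "Mozilla Firefox 131.0.2".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr); raise ValueError if no version found."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Firefox version in {text!r}")
    return (int(m[1]), int(m[2]), int(m[3] or 0)), m[4] is not None


def classify(text):
    """Map a version string to patched / needs-update / unlisted-esr-branch / unparsed."""
    try:
        version, is_esr = parse_version(text)
    except ValueError:
        return "unparsed"
    if is_esr:
        fixed = FIXED_ESR.get(version[0])
        if fixed is None:
            return "unlisted-esr-branch"  # article gives no fix for this branch
    else:
        fixed = FIXED_RELEASE
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    results = {host: classify(line) for host, line in inventory.items()}
    return {host: s for host, s in results.items() if s != "patched"}


# Constructed sample inventory (hypothetical host names).
SAMPLE = {
    "ws-01": "Mozilla Firefox 131.0.2",
    "ws-02": "Mozilla Firefox 130.0.1",
    "ws-03": "Mozilla Firefox 128.3.0esr",
    "ws-04": "Mozilla Firefox 115.16.1esr",
    "ws-05": "Mozilla Firefox 102.15.1esr",
    "ws-06": "firefox: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

A build that reports an ESR version without the `esr` suffix is compared against the release fix and flagged, which errs toward review.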
