 Firefox Zero-Day Under Attack: Update Your Browser Immediately!

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2024-9680 and discovered by ESET researcher Damien Schaeffer, has been described as a use-after-free bug in the Animation timeline component.

"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," Mozilla said in a Wednesday advisory.

The issue has been addressed in the following versions of the web browser:

Firefox 131.0.2
Firefox ESR 128.3.1, and
Firefox ESR 115.16.1.

See more:
https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/

#security #cve
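
To check a fleet against the fixed versions listed above, the release and ESR branches have to be compared separately and numerically: a patched 128.3.1 ESR build is "older" than 131.0.2, and 115.9.0 sorts after 115.16.1 as a string. The sketch below is an added example, not part of the original post or of any Mozilla tooling; it assumes version strings in the form printed by `firefox --version` (such as `Mozilla Firefox 128.3.1esr`), and the host names and inventory are constructed sample data.

```python
import re

# Fixed versions exactly as listed in the post above.
# ESR builds are matched to their own branch (115 or 128), never to 131.0.2.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.IGNORECASE)

def parse_firefox_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, bool(m.group(4)) or "esr" in text.lower()

def patch_status(text):
    """Classify a version string as 'patched', 'needs-update' or 'unknown'."""
    parsed = parse_firefox_version(text)
    if parsed is None:
        return "unknown"  # unparseable output (or a beta build): review by hand
    version, is_esr = parsed
    if not is_esr:
        return "patched" if version >= FIXED_RELEASE else "needs-update"
    major = version[0]
    if major in FIXED_ESR:
        return "patched" if version >= FIXED_ESR[major] else "needs-update"
    # Assumption: an ESR branch newer than 128 postdates the fix; any other
    # ESR branch has no fixed build named in the post and must be upgraded.
    return "patched" if major > max(FIXED_ESR) else "needs-update"

# Constructed sample inventory: host -> captured `firefox --version` output.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 131.0.2",
    "ws-02": "Mozilla Firefox 130.0.1",
    "ws-03": "Mozilla Firefox 128.3.1esr",
    "ws-04": "Mozilla Firefox 115.9.0esr",
    "ws-05": "Mozilla Firefox 128.3.0esr",
    "ws-06": "firefox: command not found",
}

def hosts_to_review(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    statuses = {host: patch_status(out) for host, out in inventory.items()}
    return {h: s for h, s in sorted(statuses.items()) if s != "patched"}

if __name__ == "__main__":
    for host, status in hosts_to_review(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```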