Exploited Use-After-Free Code Execution in Firefox Animation Timelines
An attacker managed to run code in the content process by exploiting a use-after-free flaw in Animation timelines. This vulnerability has been reported as being exploited in the wild. It affects Firefox versions below 131.0.2, Firefox ESR below 128.3.1, and Firefox ESR below 115.16.1.
Vulnerable Product |
---|
mozilla firefox |
mozilla thunderbird |
mozilla thunderbird 131.0 |
debian debian linux 11.0 |
Firefox and Windows zero-days exploited by Russian RomCom hackers
By Sergiu Gatlan, November 26, 2024 07:13 AM
Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. The first flaw (CVE-2024-9680) is a use-after-free bug in Firefox's animation timeline feature that allows code execution in the web browser's sandbox. Mozilla patched this vulnerability on October 9, 2024, one day afte...
SolarWinds Web Help Desk flaw is now exploited in attacks
By Bill Toulas, October 16, 2024 03:53 PM
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. SolarWinds Web Help Desk is an IT help desk suite used by 300,000 customers worldwide, including government agencies, large corporations, and healthcare organizations. The SolarWind...
Mozilla fixes Firefox zero-day actively exploited in attacks
By Bill Toulas, October 9, 2024 01:34 PM
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines. This type of flaw occurs when memory that has been freed is still used by the program, allowi...
Also, script kiddies still a threat, Tornado Cash is back, UK firms lose billions to avoidable attacks, and more
Infosec in brief Interpol and its financial supporters in the South Korean government are back with another round of anti-cybercrime arrests via the fifth iteration of Operation HAECHI, this time nabbing more than 5,500 people suspected of scamming and seizing hundreds of millions in digital and fiat currencies. HAECHI V, an operation which ran from July to November of this year, was funded by South Korea but involved cooperation with law enforcement in 40 countries. The op targeted seven ...
Firefixed: It's maintenance time for low-complexity, high-impact security flaw Campaigners claim 'Privacy Preserving Attribution' in Firefox does the opposite
It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser. Mozilla said CVE-2024-9680 is a use-after-free issue in Animation timelines – the pane within the Firefox browser's Page Inspector that depicts how a given element's animation progresses. The most alarming aspect of the advisory, however, was Mozilla revealing that the vulnerability is being exploited in the wild already. Underlining the severity of the vulnerabili...