CVE-2024-9680

critical

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
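The practical question a defender has on reading the ranges above is whether a given install sits below the first fixed release on its own branch. The branch matters: an ESR 115 or ESR 128 build is compared against 115.16.1 / 128.3.1, not against mainline 131.0.2, while any other major (including the unsupported non-ESR releases 129 and 130) is simply below 131.0.2 and therefore affected. The script below is an added example, not code from Mozilla or from this CVE record; the fixed versions are the ones stated in the description, and the banner format (`Mozilla Firefox 131.0.2`), the handling of `esr` and pre-release suffixes, and the branch-selection rule are this example's own assumptions.

```python
"""
Version check for CVE-2024-9680 (use-after-free in Animation timelines).

Added example, not part of the Mozilla advisory or this CVE record. The first
fixed versions below are taken from the advisory text; the banner parsing and
the branch logic are assumptions made for this example.
"""
import re
import subprocess
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# First fixed release per branch, keyed by major version so that ESR 115 and
# ESR 128 builds are measured against their own branch, not against mainline.
FIXED: Dict[str, Dict[int, Version]] = {
    "firefox":     {131: (131, 0, 2), 128: (128, 3, 1), 115: (115, 16, 1)},
    "thunderbird": {131: (131, 0, 1), 128: (128, 3, 1), 115: (115, 16, 0)},
}

# Accepts "131.0", "131.0.2", "128.3.1esr", "132.0a1", "131.0b9".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[ab]\d+)?(?:esr)?$")


def parse_version(text: str) -> Version:
    """'128.3.1esr' -> (128, 3, 1); '131.0' -> (131, 0, 0).

    Pre-release tags (a1 / b9) are stripped, so a nightly or beta build is
    judged by its numeric triple only. That is an approximation: whether a
    given pre-release build carries the fix depends on its build date.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Mozilla version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def parse_banner(banner: str) -> Tuple[str, Version]:
    """Parse `firefox --version` / `thunderbird --version` output,
    e.g. 'Mozilla Firefox 131.0.2' or 'Mozilla Thunderbird 128.3.1esr'
    (banner format assumed for this example)."""
    m = re.match(r"^Mozilla (Firefox|Thunderbird)\s+(\S+)", banner.strip())
    if not m:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return m.group(1).lower(), parse_version(m.group(2))


def fixed_version_for(product: str, version: Version) -> Version:
    """Pick the threshold for the branch this build belongs to.

    Majors that have their own ESR line (115, 128) or the patched mainline
    (131) use that line; every other major (e.g. 129, 130, or 127) is an
    unsupported non-ESR release and is compared against the mainline fix.
    """
    branches = FIXED[product]
    return branches.get(version[0], branches[max(branches)])


def is_vulnerable(product: str, version: Version) -> bool:
    """True when the build predates the first fixed release on its branch."""
    return version < fixed_version_for(product, version)


def check_banner(banner: str) -> Dict[str, object]:
    """Convenience wrapper returning a small report for one version banner."""
    product, version = parse_banner(banner)
    return {
        "product": product,
        "version": ".".join(map(str, version)),
        "fixed_in": ".".join(map(str, fixed_version_for(product, version))),
        "vulnerable": is_vulnerable(product, version),
    }


if __name__ == "__main__":
    # Constructed sample banners (not captured from real hosts).
    samples = [
        "Mozilla Firefox 131.0.1",        # mainline, one patch level short
        "Mozilla Firefox 130.0",          # unsupported non-ESR, below 131.0.2
        "Mozilla Firefox 128.3.1esr",     # ESR 128, fixed
        "Mozilla Firefox 115.16.0esr",    # ESR 115, one patch level short
        "Mozilla Thunderbird 115.16.0",   # Thunderbird ESR 115, fixed
    ]
    for s in samples:
        print(check_banner(s))
    # Optional live check of the local binary; skipped if it is not installed.
    try:
        out = subprocess.run(["firefox", "--version"], capture_output=True,
                             text=True, timeout=10).stdout
        print("local:", check_banner(out))
    except (OSError, ValueError, subprocess.TimeoutExpired):
        pass
```

Two caveats for anyone running this. Tor Browser, which the references above report was also targeted, prints its own version string rather than the underlying Firefox ESR version, so the banner parser here does not apply to it and the relevant check is the Tor Browser release notes. And code execution in the content process is sandboxed: the RomCom reporting in the references describes this bug being chained with CVE-2024-49039 (the MSRC entry listed above) to escape that sandbox on Windows, so a patched Firefox and a patched Windows host are both part of the fix.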

References

https://www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/

https://www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/

https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html

https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/

https://www.securityweek.com/recent-firefox-zero-day-exploited-against-tor-browser-users/

https://therecord.media/recently-patched-firefox-bug-being-used-against-tor-browser-users

https://therecord.media/mozilla-fixes-critical-firefox-bug-exploited-by-hackers

https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

https://securityaffairs.com/169590/security/mozilla-firefox-actively-exploited-flaw.html

https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/

https://www.mozilla.org/security/advisories/mfsa2024-52/

https://www.mozilla.org/security/advisories/mfsa2024-51/

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039

https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1923344

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992

Details

Source: Mitre, NVD

Published: 2024-10-09

Updated: 2024-11-26

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical