Mozilla fixes Firefox zero-day actively exploited in attacks

October 9, 2024 at 01:38PM

Mozilla released an emergency security update for Firefox to fix a critical use-after-free vulnerability (CVE-2024-9680) in Animation timelines, currently exploited in attacks. Affected versions are Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1. Users are urged to upgrade immediately for protection.

### Meeting Takeaways on Mozilla Firefox Security Update

**Emergency Security Update:**
– Mozilla released an emergency update to address a critical vulnerability in Firefox.

**Vulnerability Details:**
– **Name:** CVE-2024-9680
– **Type:** Use-after-free in Animation timelines (part of Web Animations API).
– **Discovery:** By ESET researcher Damien Schaeffer.
– **Impact:** Allows attackers to execute code by exploiting the flaw.

**Exploitation:**
– Reports indicate the vulnerability is already being exploited in the wild.

**Affected Versions:**
– Latest Firefox (standard release)
– Extended Support Releases (ESR)

**Recommended Updates:**
Users should upgrade to the following versions:
– Firefox 131.0.2
– Firefox ESR 115.16.1
– Firefox ESR 128.3.1

**Upgrading Instructions:**
– Launch Firefox, navigate to **Settings -> Help -> About Firefox.** The update should start automatically.
– A program restart is necessary for changes to take effect.
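
To confirm the upgrade across more than one machine, the check below is an added example (not from Mozilla or the original article). It treats the versions listed under Recommended Updates as the minimum fixed versions and assumes version strings in the form printed by `firefox --version`; the hostnames and inventory are constructed.

```python
import re

# Minimum fixed versions, taken from the "Recommended Updates" list above.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}

# Matches e.g. "Mozilla Firefox 131.0.2" or "Mozilla Firefox 115.16.1esr".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.IGNORECASE)


def classify(version_string):
    """Return 'patched', 'needs-update' or 'unknown' for one version string."""
    m = _VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    # Compare as integer tuples: as strings, "115.9" would sort above "115.16".
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    if m.group(4):  # ESR build: compare only within its own ESR branch
        fixed = FIXED_ESR.get(version[0])
        if fixed is None:
            return "unknown"  # ESR branch not listed above; review manually
        return "patched" if version >= fixed else "needs-update"
    return "patched" if version >= FIXED_RELEASE else "needs-update"


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 131.0.2",
    "ws-02": "Mozilla Firefox 131.0",
    "ws-03": "Mozilla Firefox 115.9.0esr",
    "ws-04": "Mozilla Firefox 128.3.1esr",
    "ws-05": "Mozilla Firefox 102.15.1esr",
}


def audit(inventory):
    """Map each status to the sorted list of hosts that have it."""
    report = {}
    for host, version_string in inventory.items():
        report.setdefault(classify(version_string), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unknown` run a build the list above does not cover (an unlisted ESR branch or an unparseable string) and need a manual look.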

**Context:**
– Mozilla has faced zero-day vulnerabilities on one earlier occasion this year: critical vulnerabilities addressed on March 22, 2024.

**Ongoing Communication:**
– BleepingComputer is in contact with Mozilla and ESET for more details on the vulnerability and exploitation methods and will provide updates when available.

**Action Item:**
– Immediate upgrade to the latest version of Firefox is highly recommended due to the active threat from the identified vulnerability.