
THREATINT
PUBLISHED

CVE-2024-9680



Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Reserved 2024-10-09 | Published 2024-10-09 | Updated 2024-11-18 | Assigner mozilla

CISA Known Exploited Vulnerability

Date added 2024-10-15 | Due date 2024-11-05

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Problem types

Use-after-free in Animation timeline

Product status

Firefox: any version before 131.0.2 (affected)

Firefox ESR: any version before 128.3.1 (affected)

Firefox ESR: any version before 115.16.1 (affected)

Thunderbird: any version before 131.0.1 (affected)

Thunderbird: any version before 128.3.1 (affected)

Thunderbird: any version before 115.16.0 (affected)

Credits

Damien Schaeffer from ESET

References

bugzilla.mozilla.org/show_bug.cgi?id=1923344

msrc.microsoft.com/...ide/en-US/vulnerability/CVE-2024-49039 (Windows sandbox escape detected with the in-the-wild exploit)

www.mozilla.org/security/advisories/mfsa2024-51/

www.mozilla.org/security/advisories/mfsa2024-52/

cve.org (CVE-2024-9680)

nvd.nist.gov (CVE-2024-9680)
