We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
Reserved 2024-10-09 | Published 2024-10-09 | Updated 2024-11-18 | Assigner mozillaDate added 2024-10-15 | Due date 2024-11-05
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Use-after-free in Animation timeline
Damien Schaeffer from ESET
bugzilla.mozilla.org/show_bug.cgi?id=1923344
msrc.microsoft.com/...ide/en-US/vulnerability/CVE-2024-49039 (Windows sandbox escape detected with the in-the-wild exploit)
www.mozilla.org/security/advisories/mfsa2024-51/
www.mozilla.org/security/advisories/mfsa2024-52/
Support options