Security Advisory 2024-107

Release Date:

Critical Vulnerability in Firefox

History:

  • 11/10/2024 --- v1.0 -- Initial publication

Summary

On October 9th, 2024, the Mozilla Foundation issued a security advisory regarding a critical use-after-free vulnerability (CVE-2024-9680) in Firefox [1].

Technical Details

The vulnerability CVE-2024-9680, with a CVSS score of 7.5, could allow an attacker to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. The Mozilla Foundation had reports of this vulnerability being exploited in the wild.

Affected Products

  • Firefox versions below 131.0.2
  • Firefox ESR versions below 115.16.1
  • Firefox ESR versions below 128.3.1

Recommendations

CERT-EU strongly recommends upgrading to Firefox 131.0.2, Firefox ESR 115.16.1 or Firefox ESR 128.3.1.
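
The following added example (not part of the original advisory) checks collected Firefox version strings against the fixed versions listed above. It assumes strings in the form printed by `firefox --version`, with ESR builds carrying an `esr` suffix, and it compares ESR builds within their own branch; the host names and inventory are constructed.

```python
import re

# Fixed versions taken from the advisory.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}

_VERSION_RE = re.compile(r"(\d+(?:\.\d+){0,3})(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "131.0" is treated as 131.0.0
    return tuple(parts[:3]), m.group(2) is not None


def is_affected(text):
    """True if below the fixed version, False if fixed, None if unparseable."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    version, is_esr = parsed
    if not is_esr:
        return version < FIXED_RELEASE
    # Assumption: ESR 115 and older are judged against 115.16.1, newer ESR
    # branches against 128.3.1. A plain numeric comparison would wrongly
    # treat 128.3.0esr as fixed because it is greater than 115.16.1.
    fixed = FIXED_ESR[115] if version[0] <= 115 else FIXED_ESR[128]
    return version < fixed


# Constructed sample inventory: host name -> collected version string.
SAMPLE_INVENTORY = {
    "host-a": "Mozilla Firefox 131.0.2",
    "host-b": "Mozilla Firefox 130.0.1",
    "host-c": "Mozilla Firefox 115.16.1esr",
    "host-d": "Mozilla Firefox 128.3.0esr",
    "host-e": "Mozilla Firefox 115.15.0esr",
    "host-f": "not installed",
}


def audit(inventory):
    """Map each host to True (upgrade needed), False (fixed) or None (unknown)."""
    return {host: is_affected(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, affected in audit(SAMPLE_INVENTORY).items():
        print(host, {True: "UPGRADE", False: "ok", None: "unknown"}[affected])
```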

References

[1] https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
