---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Critical Vulnerability in Firefox'
number: '2024-107'
version: '1.0'
original_date: '2024-10-09'
date: '2024-10-11'
---

_History:_

* _11/10/2024 --- v1.0 -- Initial publication_

# Summary

On October 9th, 2024, the Mozilla Foundation issued a security advisory regarding a critical use-after-free vulnerability (**CVE-2024-9680**) in Firefox [1].

# Technical Details

The vulnerability **CVE-2024-9680**, with a CVSS score of 7.5, could allow an attacker to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. The Mozilla Foundation had reports of this vulnerability being exploited in the wild.

# Affected Products

- Firefox versions below 131.0.2
- Firefox ESR versions below 115.16.1
- Firefox ESR versions below 128.3.1

# Recommendations

CERT-EU strongly recommends upgrading to Firefox 131.0.2, Firefox ESR 115.16.1 or Firefox ESR 128.3.1.

# References

[1]