Author Topic: Firefox Zero-Day Under Attack: Update Your Browser Immediately  (Read 338 times)

0 Members and 1 Guest are viewing this topic.

Offline radiolistenerTopic starter

  • Super Contributor
  • ***
  • Posts: 4086
  • Country: 00
Firefox Zero-Day Under Attack: Update Your Browser Immediately
« on: October 11, 2024, 12:06:42 pm »


Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2024-9680 (CVSS score: 9.8 ), has been described as a use-after-free bug in the Animation timeline component.

"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," Mozilla said in a Wednesday advisory.

"We have had reports of this vulnerability being exploited in the wild."

Security researcher Damien Schaeffer from Slovakian company ESET has been credited with discovering and reporting the vulnerability.

The issue has been addressed in the following versions of the web browser -

    Firefox 131.0.2
    Firefox ESR 128.3.1, and
    Firefox ESR 115.16.1.

There are currently no details on how the vulnerability is being exploited in real-world attacks and the identity of the threat actors behind them.

That said, such remote code execution vulnerabilities could be weaponized in several ways, either as part of a watering hole attack targeting specific websites or by means of a drive-by download campaign that tricks users into visiting bogus websites.

Users are advised to update to the latest version to stay protected against active threats.

Source: https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html
« Last Edit: October 11, 2024, 12:09:49 pm by radiolistener »
 
The following users thanked this post: thm_w, I wanted a rude username

Offline Bryn

  • Regular Contributor
  • *
  • Posts: 195
  • Country: gb
    • mindsConnected
Re: Firefox Zero-Day Under Attack: Update Your Browser Immediately
« Reply #1 on: October 11, 2024, 01:46:14 pm »
Thank christ I updated my Firefox from 78 ESR yesterday (but for another reason) to 115 ESR...
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15581
  • Country: fr
Re: Firefox Zero-Day Under Attack: Update Your Browser Immediately
« Reply #2 on: October 11, 2024, 08:59:08 pm »
Use after free? I don't get it. I thought Rust had now replaced most of the legacy code? :popcorn:
 
The following users thanked this post: rhodges


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf