Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1

Created on 2024-10-10 10:02 and updated on 2024-10-10 10:34.

Description

The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines.

"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild."

A patch has been made available on Tue, 08 Oct 2024 16:25:12 +0000.

Vulnerabilities included in this bundle

CVE-2024-9680: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timeli...

Meta

[
   {
      resources: [
         "https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/",
         "https://bugzilla.mozilla.org/show_bug.cgi?id=1923344",
         "https://hg.mozilla.org/releases/mozilla-release/rev/d2a21d941ed5a73a37b3446caa4a49e74ffe854b",
         "https://www.mozilla.org/en-US/firefox/131.0.2/releasenotes/",
      ],
   },
]

Author

Cédric Bonhomme

Combined sightings

Author	Vulnerability	Source	Type	Date