Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)
Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild.
About CVE-2024-9680
Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in the browser’s Animation timelines and, according to Mozilla, has been exploited to achieve code execution in the content process.
Additional details about the vulnerability or the attacks are yet to be shared.
According to Mozilla’s engineers, the versions with the fix (Firefox 131.0.2, Firefox ESR 115.16.1 and Firefox ESR 128.3.1) were shipped within 25 hours of the vulnerability being reported to them.
How to upgrade your Firefox?
Automatic updates are enabled in Firefox by default, so this latest security update will be delivered to most home users and implemented when they restart their browser.
Those who have turned off the option must check for updates manually (in Settings > General > Firefox Updates), and are urged to upgrade as soon as possible.
Firefox update options
In enterprise settings, automatic updates are often disabled by the organization’s IT administrators, and employees usually don’t have sufficient privileges to check for and install updates, so applying them is the IT department’s responsibility.
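For administrators triaging a fleet, the following added example (not from the article or from Mozilla) compares reported Firefox versions against the three fixed versions listed above. It assumes version strings in the form printed by `firefox --version`, with ESR builds carrying an `esr` suffix or the word ESR; the hostnames and inventory are constructed.

```python
import re

# Versions carrying the fix, as listed in the article.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}  # keyed by ESR major branch

# One whitespace-delimited token such as "131.0.2" or "128.3.1esr".
_TOKEN_RE = re.compile(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?", re.IGNORECASE)

def classify(version_string):
    """Return 'patched', 'needs-update' or 'unknown' for one version string."""
    for token in version_string.split():
        m = _TOKEN_RE.fullmatch(token)
        if not m:
            continue  # also skips betas like "132.0b5", reported as unknown
        version = tuple(int(g or 0) for g in m.group(1, 2, 3))
        if m.group(4) or "esr" in version_string.lower():
            fixed = FIXED_ESR.get(version[0])
            if fixed is None:
                return "unknown"  # ESR branch the article does not list
        else:
            fixed = FIXED_RELEASE
        return "patched" if version >= fixed else "needs-update"
    return "unknown"

def triage(inventory):
    """Map each status to the sorted hosts reporting it."""
    result = {"patched": [], "needs-update": [], "unknown": []}
    for host, version_string in inventory:
        result[classify(version_string)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "Mozilla Firefox 131.0.2"),
    ("ws-002", "Mozilla Firefox 131.0"),
    ("ws-003", "Mozilla Firefox 128.3.1esr"),
    ("ws-004", "Mozilla Firefox 128.3.0esr"),
    ("ws-005", "Mozilla Firefox ESR 115.16.1"),
    ("ws-006", "Mozilla Firefox 115.15.0esr"),
    ("ws-007", "Mozilla Firefox 132.0b5"),
    ("ws-008", "Mozilla Firefox 102.15.1esr"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as unknown (pre-release builds, or ESR branches the article does not list) need a manual check rather than being assumed safe.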
Tor Browser, which includes a modified Mozilla Firefox ESR browser, has also been updated to fix the vulnerability.
source: HelpNetSecurity