Firefox Zero-Day Under Attack: Update Your Browser Immediately
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.
"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," Mozilla said in a Wednesday advisory.
"We have had reports of this vulnerability being exploited in the wild."
Security researcher Damien Schaeffer from Slovakian company ESET has been credited with discovering and reporting the vulnerability.
The issue has been addressed in the following versions of the web browser
- Firefox 131.0.2
- Firefox ESR 128.3.1, and
- Firefox ESR 115.16.1.
There are currently no details on how the vulnerability is being exploited and the identity of the threat actor behind them.
That said, such remote code execution vulnerabilities could be weaponized in several ways, either as part of a watering hole attack targeting specific websites or by means of a drive-by download campaign that tricks users into visiting bogus websites.
Users are advised to update to the latest version to stay protected against active threats.
source: TheHackerNews
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
November 23, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024