Mozilla fixes Firefox zero-day actively exploited in attacks
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks.
The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines.
This type of flaw occurs when memory that has been freed is still used by the program, allowing malicious actors to add their own malicious data to the memory region to perform code execution.
Animation timelines, part of Firefox's Web Animations API, are a mechanism that controls and synchronizes animations on web pages.
"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," reads the security bulletin.
"We have had reports of this vulnerability being exploited in the wild."
The vulnerability impacts the latest Firefox (standard release) and the extended support releases (ESR).
Fixes have been made available in the below versions, which users are recommended to upgrade to immediately:
- Firefox 131.0.2
- Firefox ESR 115.16.1
- Firefox ESR 128.3.1
Given the active exploitation status for CVE-2024-9680 and the lack of any information on how people are targeted, upgrading to the latest versions is essential.
To upgrade to the latest version, launch Firefox and go to Settings -> Help -> About Firefox, and the update should start automatically. A restart of the program will be required for the changes to apply.

BleepingComputer has contacted both Mozilla and ESET to learn more about the vulnerability, how it's being exploited, and against whom, and we will update this post when we receive more information.
Throughout 2024, so far, Mozilla had to fix zero-day vulnerabilities on Firefox only once.
On March 22, the internet company released security updates to address CVE-2024-29943 and CVE-2024-29944, both critical-severity issues discovered and demonstrated by Manfred Paul during the Pwn2Own Vancouver 2024 hacking competition.
How open source SIEM and XDR tackle evolving threats
Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalInformation Disclosure - Suspicious Comments
HighPII Disclosure
Free online web security scanner