Mozilla issues emergency security update for critical Firefox vulnerability CVE-2024-9680
Mozilla has issued an emergency security update for Firefox to address a critical vulnerability tracked as CVE-2024-9680. The flaw is a use-after-free in the Animation timelines of Firefox's Web Animations API, which handles web page animations. A use-after-free arises when a program keeps using memory after it has been freed; an attacker who can fill that freed memory with their own data can use it to execute arbitrary code.
Mozilla has confirmed that the vulnerability is being actively exploited, with attackers achieving code execution within the content process. The issue affects both the latest standard Firefox release and the extended support releases (ESR).
Users are urged to update immediately to the patched versions: Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1. To update, navigate to "Help - About Firefox" in the settings, which starts the update process; a restart is required for the changes to apply.
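
For administrators checking more than one machine, the following added example (not from Mozilla or the original article) classifies reported Firefox version strings against the three fixed versions listed above. It assumes strings in the form printed by `firefox --version`, with ESR builds carrying an `esr` marker; the host names and sample strings are constructed.

```python
import re

# Fixed versions as listed in the article.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def classify(version_text):
    """Return 'patched', 'needs-update' or 'unknown' for one version string."""
    m = _VERSION_RE.search(version_text)
    if not m:
        return "unknown"
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    # Assumption: ESR builds are recognisable by an "esr" marker in the string.
    is_esr = "esr" in version_text.lower()
    if is_esr and version[0] in FIXED_ESR:
        fixed = FIXED_ESR[version[0]]   # compare within the same ESR branch
    else:
        fixed = FIXED_RELEASE           # release channel, or an ESR branch with no listed fix
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Return the sorted host names whose Firefox is not confirmed patched."""
    return sorted(h for h, v in inventory.items() if classify(v) != "patched")


# Constructed sample inventory: host name -> reported version string.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 131.0.2",
    "ws-02": "Mozilla Firefox 131.0",
    "ws-03": "Mozilla Firefox 115.16.1esr",
    "ws-04": "Mozilla Firefox 128.3.0esr",
    "ws-05": "Mozilla Firefox 115.15.0esr",
    "ws-06": "",  # no version reported; flagged for manual follow-up
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host] or "<no version>", classify(SAMPLE_INVENTORY[host]))
```

Hosts returned by `audit` include those with no parseable version, so an empty or unexpected string is followed up rather than silently treated as patched.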