Mozilla issues emergency security update for critical Firefox vulnerability CVE-2024-9680
Oct 11, 2024 at 10:09 PM

Mozilla issues emergency security update for critical Firefox vulnerability CVE-2024-9680

Mozilla has issued an emergency security update for Mozilla Firefox to address a critical vulnerability identified as CVE-2024-9680. This issue is a use-after-free flaw found in the Animation timelines of Firefox's Web Animations API, which handles web page animations. Such vulnerabilities can allow attackers to execute arbitrary code by injecting their own data, as they exploit memory that has already been freed.

Mozilla has confirmed active exploitation of this vulnerability, enabling attackers to achieve code execution within the content process. The issue affects both the latest standard Firefox release and extended support releases (ESR).

Users are urged to update immediately to the patched versions: Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1. To update, users can navigate to "Help - About Firefox" in the settings, which will initiate the update process, requiring a restart for the changes to apply.

Oct 11, 2024 by Mauricio B. Holguin

On
du
Ed_Sforzati
OnlyOpenSource found this interesting
  • ...

Mozilla Firefox is a free, open-source web browser originating from the Mozilla Application Suite. It is renowned for its privacy focus, extensive customization options, and support for thousands of third-party add-ons. Rated at 4.4, Firefox offers a robust browsing experience. Notable alternatives include Vivaldi, Waterfox, and Brave, each with unique features catering to diverse user needs.

No comments so far, maybe you want to be first?
Gu