Mozilla warns of critical Firefox security flaw, so patch immediately
Firefox bug allowed threat actors to run remote code execution attacks against vulnerable endpoints
· TechRadarNews By Sead Fadilpašić published 10 October 2024
Mozilla has just patched a major vulnerability in its Firefox browser that was apparently being abused in the wild.
In a short security advisory, the company said it discovered a use-after-free vulnerability in Animation timelines.
This bug, tracked as CVE-2024-9680, does not yet have a severity rating, but is being abused to achieve remote code execution (RCE), which means crooks can use it to deploy malware on vulnerable devices, and possibly even take them over, entirely.
Drive-by, XSS, and more
"We have had reports of this vulnerability being exploited in the wild,” Mozilla said in the advisory, adding both Firefox and Firefox Extended Support Release (ESR) are vulnerable, so users are advised to patch to these versions immediately:
Firefox 131.0.2
Firefox ESR 128.3.1, and
Firefox ESR 115.16.1.
There are currently no reports on who, or how, is exploiting this bug, but looking at similar recent issues, there are several ways the vulnerability could be abused, including a watering hole attack targeting specific websites, or a drive-by download campaign that tricks people into visiting the wrong website.
Browsers are an indispensable part of every computer these days, and as such, they are basically omnipresent. This makes them an extremely popular target for cybercriminals looking for a way onto a network and into a device. Firefox, with more than 250 million monthly active users, is one of the most popular products in its category, having been downloaded more than 2 billion times globally.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors