CVE-2024-9680

Confirmed PUBLISHED

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of...

Mozilla · Firefox, Firefox ESR, Thunderbird
Exploited in the wild Used in malware PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical

At a Glance

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

cisa nessus_scanner malware
CVE Published
Oct 09, 2024
Exploitation Reported
Oct 15, 2024
CVSS
9.8 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
mozilla
firefox

0 to < 131.0.2

Affected
mozilla
firefox_esr

0 to < 128.3.1

Affected
mozilla
firefox_esr

0 to < 115.16.1

Affected
mozilla
firefox_esr

0 to < 128.3.1

Affected
mozilla
firefox_esr

0 to < 115.16.1

Affected
mozilla
thunderbird

0 to < 131.0.1

Affected
mozilla
thunderbird

0 to < 128.3.1

Affected
mozilla
thunderbird

0 to < 115.16.0

Affected
mozilla
thunderbird

0 to < 131.0.1

Affected
mozilla
thunderbird

0 to < 128.3.1

Affected
mozilla
thunderbird

0 to < 115.16.0

Affected
mozilla
thunderbird

0 to < 131.0.1

Affected
mozilla
thunderbird

0 to < 128.3.1

Affected
mozilla
thunderbird

0 to < 115.16.0

Affected
Mozilla
Firefox

unspecified to < 131.0.2

Affected
Mozilla
Firefox ESR

unspecified to < 128.3.1

Affected
Mozilla
Firefox ESR

unspecified to < 115.16.1

Affected
Mozilla
Thunderbird

unspecified to < 131.0.1

Affected
Mozilla
Thunderbird

unspecified to < 128.3.1

Affected
Mozilla
Thunderbird

unspecified to < 115.16.0

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.