Back to KEVs

CVE-2024-9680

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of...

Basic Information

CVE State: PUBLISHED
Reserved Date: October 09, 2024
Published Date: October 09, 2024
Last Updated: November 18, 2024
Vendor: Mozilla
Product: Firefox, Firefox ESR, Thunderbird
Description: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2024-10-15 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2024-10-17 16:10:38 UTC) Source

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1923344 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 https://www.mozilla.org/security/advisories/mfsa2024-51/ https://www.mozilla.org/security/advisories/mfsa2024-52/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-10-15 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

tdonaworth/Firefox-CVE-2024-9680

Type: github • Created: 2024-10-17 16:10:38 UTC • Stars: 11