CVE-2024-9680

9.8

CVSS
Critical

PUBLISHED

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of...

Exploited in the wild Used in malware PoC available Remote Low complexity No user interaction

Vendor: Mozilla
Product: Firefox, Firefox ESR, Thunderbird
Published: Oct 09, 2024
EPSS: —

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

cisa malware nessus_scanner

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2024-10-15 00:00:00 UTC · Source

Used in malware

Recorded 2026-06-02 14:08:22 UTC · Source

Proof of concept available

Recorded 2024-10-17 16:10:38 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Oct 15, 2024

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/212185	Jun 02, 2025

Recent mentions

Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov Executive Summary Google Threat Intelligence Group (GTIG) tracked 75...

Google Threat Intelligence · Apr 29, 2025

Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov Executive Summary Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances. Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts. For a deeper look at the trends discussed in this report, along with recommendations for defenders, register for our upcoming zero-day webinar. Scope This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that…

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

tdonaworth/Firefox-CVE-2024-9680

github · Created 2024-10-17 16:10:38 UTC · 11 stars

Vulnerability detail