Mozilla has patched a important safety vulnerability in its Firefox Internet browser that is being actively exploited within the wild.
Tracked as CVE-2024-9680, the vulnerability is a use-after-free difficulty in Animation timelines, with attackers exploiting it to execute arbitrary code, in line with Mozilla’s advisory. It carries a CVSSv3 vulnerability-severity ranking of 9.8 out of 10 and a low assault complexity (no privileges or consumer interplay is required to efficiently exploit the flaw), and interprets into excessive danger within the occasion of a profitable assault.
Vital bugs in Firefox, which is utilized by round 178 million individuals worldwide, are few and much between. The Internet browser hasn’t needed to provide patches for such a extreme flaw since March, and solely a small quantity have been found prior to now few years.
The disclosure sparked a flurry of alerts from worldwide cyber companies, together with Dutch nationwide cyber middle Nationaal Cyber Safety Centrum, and the cybersecurity facilities of Canada and Italy.
The Internet browser vulnerability impacts Firefox 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1. Customers ought to improve to model 131.0.2 in Firefox and to variations 115.16.1 or 128.3.1 for Firefox ESR to repair the vulnerability and thwart potential exploitation.
