
The Mozilla Foundation has released a patch for a zero-day vulnerability in Firefox. The flaw is a use-after-free in Firefox's animation timelines that allows attackers to execute malicious code.
The vulnerability is tracked as CVE-2024-9680. An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. A use-after-free occurs when a program continues to use memory after it has been freed, which can lead to arbitrary code execution.
Mozilla confirms that this vulnerability is being exploited in the wild and recommends that users upgrade to the latest version. Mozilla has released patches that address the flaw in the following versions:
- Firefox 131.0.2
- Firefox ESR 115.16.1
- Firefox ESR 128.3.1
Users running older versions of Firefox or the Extended Support Release (ESR) are strongly advised to upgrade to these versions immediately to mitigate the risk of exploitation.


