CVE-2024-9680

Published Oct 9, 2024

Last updated a month ago

Overview

Description
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
Source
security@mozilla.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Mozilla Firefox Use-After-Free Vulnerability
Exploit added on
Oct 15, 2024
Exploit action due
Nov 5, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-416
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-416

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. The popular article for 2024-11-15 was this one. (Automated tweet) #Hacker_Trends ――― Firefox Animation CVE-2024-9680 – Dimitri Fourny https://t.co/4BebsrrqQm https://t.co/3uIMvKYvQE

    @motikan2010

    16 Nov 2024

    157 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Analyzing Firefox Animation CVE-2024-9680 https://t.co/FOmH8ujvOj

    @DimitriFourny

    14 Nov 2024

    9502 Impressions

    35 Retweets

    100 Likes

    28 Bookmarks

    2 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2024-9680

    @transilienceai

    10 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-9680

    @transilienceai

    8 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-9680

    @transilienceai

    5 Nov 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-9680

    @transilienceai

    4 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. "We were somewhere around the deep web, on the edge of cyberspace, when the CVEs began to take hold..." CRITICAL SECURITY ALERT: Your Browser is Having an Existential Crisis Listen up, you beautiful digital disasters. We're diving deep into CVE-2024-9680, a Firefox… https://t.c

    @geeknik

    2 Nov 2024

    167 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-9680 – Mozilla Firefox Security Vulnerability – October 2024: A critical vulnerability (CVE-2024-9680) in Mozilla Firefox exposes systems to remote code execution by exploiting memory handling flaws.  Affected Platform  CVE-2024-9680 affects… https://t.co/qsHJI5KQiq http

    @cipherstorm

    1 Nov 2024

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Actively exploited CVE : CVE-2024-9680

    @transilienceai

    29 Oct 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. CVE-2024-9680 has been POCed :) https://t.co/ToIwGo1YV9

    @mistymntncop

    28 Oct 2024

    12547 Impressions

    15 Retweets

    172 Likes

    42 Bookmarks

    3 Replies

    2 Quotes

  11. A severe zero-day vulnerability, CVE-2024-9680, is affecting 178 million users globally. This flaw allows attackers to execute arbitrary code without user interaction. Immediate action is required! https://t.co/PZWrqcx91F

    @Shift6Security

    27 Oct 2024

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Top 5 Trending CVEs: 1 - CVE-2024-47575 2 - CVE-2024-9680 3 - CVE-2024-38094 4 - CVE-2024-10327 5 - CVE-2024-20412 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    27 Oct 2024

    90 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 Critical #Firefox vulnerability (CVE-2024-9680) actively exploited! Update now to 131.0.2 or ESR versions if you have auto-updates off. Steps: 1️⃣ Open Firefox 2️⃣ Settings > General > Firefox Updates 3️⃣ Check for updates & install 4️⃣ Restart Stay secure! 🔐 #Cyb

    @n_medtech

    26 Oct 2024

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Security patch for CVE-2024-9680 0day addressed not one, but five distinct Use-after-Free issues around Web Animations JavaScript API of Firefox. Looking at the code, my thoughts as to WTF is going on there: - UaF1 must be the 0G - UaF2: found by variant analysis - UaF3:… https:/

    @alisaesage

    26 Oct 2024

    4132 Impressions

    7 Retweets

    37 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2024-9680

    @transilienceai

    25 Oct 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. CVE-2024-9379 is getting exploited #inthewild. Find out more at https://t.co/EWW68rStdS CVE-2024-23113 is getting exploited #inthewild. Find out more at https://t.co/OBk251qZL6 CVE-2024-9680 is getting exploited #inthewild. Find out more at https://t.co/T2MRAPfaEw

    @inthewildio

    23 Oct 2024

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Actively exploited CVE : CVE-2024-9680

    @transilienceai

    23 Oct 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) | #HelpNetSecurity #CyberSecurity https://t.co/QXXRSWDGvu

    @hasdid

    22 Oct 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 New Critical Firefox Vulnerability (CVE-2024-9680) use-after-free vulnerability in Firefox's Animation Timelines allows attackers to execute malicious code remotely. This flaw occurs when memory is improperly freed but still accessed #Cybersecurity #Firefox #Vulnerability

    @CubectX

    22 Oct 2024

    347 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Mozilla warns of actively exploited Firefox flaw. Update to Firefox 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1 to stay protected. Critical security flaw tracked as CVE-2024-9680 allows https://t.co/OIarbm50dc

    @TLDRStories

    21 Oct 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 High-Risk Alert for Mozilla Firefox & Thunderbird Users! ⚠️ The Indian government has flagged a critical vulnerability (CVE-2024-9680) in Mozilla Firefox and Thunderbird, which could allow hackers to take control of your system remotely! 😱 🔑 Key Details: Affects versio

    @HungamaHeadline

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Security Alert: Firefox Zero-Day 🚨 #Mozilla warns of a critical vulnerability (CVE-2024-9680) in #Firefox/ESR, actively exploited in #cyberattacks. Rated 9.8 (CVSS), it allows arbitrary code execution. Read more from the GB Hackers team at https://t.co/v93axopipP https://t.

    @cyforsecure

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Hey Firefox friends: UPDATE NOW A CSS based RCE was found in firefox. 9.8/10 critical score. If you're not on 131.0.2, 128.3.1, or 115.16.1 then stop everything and update. Until you do, any page you visit will have the ability to root your PC. CVE-2024-9680

    @xahferd

    146 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Mozilla recently issued an emergency security patch for a critical zero-day vulnerability in Firefox, tracked as CVE-2024-9680. This flaw is classified as a "use-after-free" vulnerability, which occurs in the browser's Animation timelines Read more: https://t.co/r7fAW06gs0 https:

    @AlashwasSec

    37 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Firefox was recently hit by CVE-2024-9680, a critical level use-after-free vulnerability, also impacting browsers like Tor and Zen. Learn how use-after-free exploits can have a major impact in real-world code. https://t.co/P8O2G7Cnsd

    @babyhawkfeather

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Mozilla fixes critical flaw in Firefox that allows arbitrary code execution: the vulnerability, tracked as CVE-2024-9680

    @baniwa_cmd

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Mozilla urges all Firefox users to update their browsers immediately due to a critical vulnerability (CVE-2024-9680) being actively exploited. The flaw could allow attackers to take control of your system. Ensure your Firefox version is up to date to stay protected

    @thelowbyte

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Regarding some confusion around the current Firefox 0day CVE-2024-9680. One of the devs @emiliocobos has clarified on a comment on @LowLevelTweets utube channel. https://t.co/OX1nsa7Tg0

    @mistymntncop

    3207 Impressions

    0 Retweets

    29 Likes

    8 Bookmarks

    4 Replies

    0 Quotes

  29. A critical vulnerability (CVE-2024-9680) has been discovered in the Firefox browser. #ETX #certaz #cybersecurity #xəbərdarlıq https://t.co/J54AQjGhRR

    @CERTAzerbaijan

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. The new Firefox vulnerability can also be exploited in Tor 💬 Recently an update for Firefox was released that fixed a vulnerability (CVE-2024-9680) in the browser that allowed arbitrary code execution through animations. https://t.co/f67Bcw0X1P

    @hiddenlockT

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations