- Description
- An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
- Source
- security@mozilla.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Mozilla Firefox Use-After-Free Vulnerability
- Exploit added on
- Oct 15, 2024
- Exploit action due
- Nov 5, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
https://t.co/CkaZAoiZMU Zero-day vulnerability in Firefox and Windows Die kürzlich von der RomCom-Gruppe (auch bekannt als Storm-0978) genutzte Exploit-Kette – die eine Zero-Day-Schwachstelle in Firefox (CVE-2024-9680) und eine Privilege-Escalation-Zero-Day-Schwachstelle in M…
@B2bCyber
23 Dec 2024
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Zero-Day-Schwachstelle in Firefox und Windows https://t.co/IUnoXRN4Ul Die kürzlich von der RomCom-Gruppe (auch bekannt als Storm-0978) genutzte Exploit-Kette – die eine Zero-Day-Schwachstelle in Firefox (CVE-2024-9680) und eine Privilege-Escalation-Zero-Day-Schwachstelle …
@B2bCyber
23 Dec 2024
38 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/JxXsmCb7w8 https://t.co/TxtPcFl50p
@NickBla41002745
13 Dec 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/f42l3yqRbw https://t.co/TjBVukkrIB
@Trej0Jass
8 Dec 2024
175 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Did you know? The RomCom APT group exploited a zero-day vulnerability in Firefox (CVE-2024-9680) with a CVSS score of 9.8! This flaw allows code execution simply by visiting a malicious website—no user interaction required! Stay vigilant! #CyberThreats #ZeroDay
@RightHandTech
8 Dec 2024
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/nCSTIcMMoQ https://t.co/s4oP1QICCW
@NickBla41002745
6 Dec 2024
160 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Russian-based cybercrime group RomCom exploited two zero-day vulnerabilities targeting Firefox and Tor Browser users in Europe and North America. The first, CVE-2024-9680, is a use-after-free flaw in Firefox’s Animation Timelines feature that enables attackers to execute code
@enfoasecurity
6 Dec 2024
219 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 RomCom Group Exploits Critical Zero-Days!🚨 CVE-2024-9680 (Firefox) CVE-2024-49039 (Windows) #CyberSecurity #ZeroDay #RomComGroup #infosec https://t.co/WtjLbdLV4T
@decrypting_sec
5 Dec 2024
168 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/dKp5G0TR3P https://t.co/lzoDqvH31f
@pcasano
4 Dec 2024
22 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/lxKOiRN55s https://t.co/RphAU50zi2
@IT_Peurico
3 Dec 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/iASd6FaQgC https://t.co/pQasmud8Ez
@TechMash365
3 Dec 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
گروه هکری به نام RomCom از ۲ آسیب پذیری در مرورگر Firefox و ویندوز که از نوع Zero day هستند برای Deploy کردن و استقرار backdoor بدون اینکه قربانی لازم باشد کاری انجام دهد ، استفاده کردند. کد شناسایی این آسیب پذیری ها CVE-2024-9680 می باشد. https://t.co/Poz3aKY03t https://t.co/7b
@AmirHossein_sec
2 Dec 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The main idea for this #threatreport: The main idea of the text is about the discovery of a critical zero-day vulnerability, CVE-2024-9680, in Mozilla products exploited by the threat group RomCom, along with their use of another zero-day vulnerability in Windows to deploy a… htt
@rst_cloud
1 Dec 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
2/11 Discover CVE-2024-9680 in @firefox 's Animation component - a critical use-after-free bug. Already patched, but were you at risk? #CyberAttack #MozillaFirefox 📈
@Eth1calHackrZ
30 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/RDNXmXNeK4 https://t.co/iSot4XacYA
@Art_Capella
29 Nov 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/T7yfIurPol https://t.co/HBPpPCNfJc
@dansantanna
29 Nov 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/mDmm3KmWob https://t.co/4T8VA9WxIo
@Trej0Jass
29 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ALERTA CRÍTICA DE CIBERSEGURIDAD 🚨 Detectado ataque del grupo ruso RomCom usando Firefox/Thunderbird: Vulnerabilidad zero-click No requiere interacción Afecta empresas en 🇪🇸 y 🇲🇽 Instala backdoor para espionaje CVE-2024-9680 / CVE-2024-49039 🧵[1/2]
@LeonelM41262107
28 Nov 2024
32 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) | 27-11-2024 Source: https://t.co/B4r38QE6R3 Key details below ↓ https://t.co/jXyrAKrhpS
@rst_cloud
28 Nov 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Re: The ITW CVE-2024-9680 exploit. I don't understand the purpose of the XSLT stuff. Doesn't really seem necessary ? Or We're they using it as an alloc primitive ?
@mistymntncop
28 Nov 2024
2378 Impressions
2 Retweets
11 Likes
5 Bookmarks
1 Reply
0 Quotes
A research by #ESET has discovered that there have been multiple attacks using the recently reported CVE-2024-9680 and CVE-2024-49039 #vulnerabilities for #Firefox and #Windows https://t.co/dhAZiyvafK
@anemboca
27 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) https://t.co/kOi98IW9Ur #security #feedly
@go_stripe
27 Nov 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FirefoxとWindowsのゼロデイをロシアハッカーRomComが悪用:CVE-2024-9680 - Codebook https://t.co/NwlMSkSAE3 #izumino_trend
@sec_trend
27 Nov 2024
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Russian hackers exploited Firefox (CVE-2024-9680, CVSS 9.8) & Windows (CVE-2024-49039, CVSS 8.8) zero-days to run malicious code. Discovered Oct 8 by ESET. Patches: Mozilla (24hrs), Microsoft (Nov 12, KB5046612). Update now! 🔒#Cybersecurity Source: https://t.co/wvEK7p3r
@ANlKsaha
27 Nov 2024
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
RomCom (Storm-0978) exploited @firefox (CVE-2024-9680) & @Windows (CVE-2024-49039) zero-days. - CVE-2024-9680: RCE in Firefox’s content process, bypassing Tor Browser sandbox. No interaction, low complexity. - CVE-2024-49039: Code execution outside sandbox via Windows task
@cybercitizen7
27 Nov 2024
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction Delve into the details of RomCom's sophisticated cyberattack, exploiting zero-day vulnerabilities in Firefox and Windows. https://t.co/Gy6CLvJMTv
@the_yellow_fall
27 Nov 2024
1053 Impressions
8 Retweets
20 Likes
8 Bookmarks
0 Replies
0 Quotes
Russian RomCom is exploiting twin bugs #Romcom #CVE-2024-9680 #CVE-2024-49039 https://t.co/bLzDJUnt4t
@pravin_karthik
27 Nov 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
備忘 10月のFirefoxのFirefox Animation の脆弱性CVE-2024-9680は↓がパッと見た中だと1番具体的なイメージがつく。 https://t.co/lTCXnb7VgY
@ryokutyato
26 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom sfrutta vulnerabilità zero-day in Firefox e Windows Sicurezza Informatica, CVE-2024-49039, CVE-2024-9680, cybercrime, Mozilla Firefox, romcom, sandbox escape, windows, zero-day https://t.co/t0HyMAHBla https://t.co/AgOwf5PbAu
@matricedigitale
26 Nov 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RCE in Mozilla and Privilege Escalation in MS Windows: New Kill Chain Used in the Wild by Threat Actor. Make sure you patch your OS and web browser now! 💻 🦊 🔥 CVE-2024-9680 (CVSS score: 9.8) Firefox CVE-2024-49039 (CVSS score: 8.8) Windows Research: https://t.co/3xL7RSfWgL h
@it4sec
26 Nov 2024
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
This blog discusses CVE-2024-9680, a vulnerability in Firefox animations that could be exploited. https://t.co/xC5mZRFTh3 #firefox #cve
@kriwarefeed
22 Nov 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-9680
@transilienceai
21 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#exploit 1. CVE-2024-9680: UaF in Firefox Animation timeline https://t.co/IRVaEaeWpj 2. CVE-2023-7261: Google Chrome Updater DosDevices LPE https://t.co/OkfCZcZkoU 3. CVE-2024-9796: WP Advanced-Search <=3.3.9 - Unauth SQLI https://t.co/nPT7YuDWuE
@ksg93rd
19 Nov 2024
153 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
2024-11-15 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― Firefox Animation CVE-2024-9680 – Dimitri Fourny https://t.co/4BebsrrqQm https://t.co/3uIMvKYvQE
@motikan2010
16 Nov 2024
157 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Analyzing Firefox Animation CVE-2024-9680 https://t.co/FOmH8ujvOj
@DimitriFourny
14 Nov 2024
9502 Impressions
35 Retweets
100 Likes
28 Bookmarks
2 Replies
0 Quotes
Actively exploited CVE : CVE-2024-9680
@transilienceai
10 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-9680
@transilienceai
8 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-9680
@transilienceai
5 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-9680
@transilienceai
4 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
"We were somewhere around the deep web, on the edge of cyberspace, when the CVEs began to take hold..." CRITICAL SECURITY ALERT: Your Browser is Having an Existential Crisis Listen up, you beautiful digital disasters. We're diving deep into CVE-2024-9680, a Firefox… https://t.c
@geeknik
2 Nov 2024
167 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9680 – Mozilla Firefox Security Vulnerability – October 2024: A critical vulnerability (CVE-2024-9680) in Mozilla Firefox exposes systems to remote code execution by exploiting memory handling flaws. Affected Platform CVE-2024-9680 affects… https://t.co/qsHJI5KQiq http
@cipherstorm
1 Nov 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-9680
@transilienceai
29 Oct 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-9680 has been POCed :) https://t.co/ToIwGo1YV9
@mistymntncop
28 Oct 2024
12547 Impressions
15 Retweets
172 Likes
42 Bookmarks
3 Replies
2 Quotes
A severe zero-day vulnerability, CVE-2024-9680, is affecting 178 million users globally. This flaw allows attackers to execute arbitrary code without user interaction. Immediate action is required! https://t.co/PZWrqcx91F
@Shift6Security
27 Oct 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-47575 2 - CVE-2024-9680 3 - CVE-2024-38094 4 - CVE-2024-10327 5 - CVE-2024-20412 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
27 Oct 2024
90 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical #Firefox vulnerability (CVE-2024-9680) actively exploited! Update now to 131.0.2 or ESR versions if you have auto-updates off. Steps: 1️⃣ Open Firefox 2️⃣ Settings > General > Firefox Updates 3️⃣ Check for updates & install 4️⃣ Restart Stay secure! 🔐 #Cyb
@n_medtech
26 Oct 2024
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security patch for CVE-2024-9680 0day addressed not one, but five distinct Use-after-Free issues around Web Animations JavaScript API of Firefox. Looking at the code, my thoughts as to WTF is going on there: - UaF1 must be the 0G - UaF2: found by variant analysis - UaF3:… https:/
@alisaesage
26 Oct 2024
4132 Impressions
7 Retweets
37 Likes
11 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-9680
@transilienceai
25 Oct 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-9379 is getting exploited #inthewild. Find out more at https://t.co/EWW68rStdS CVE-2024-23113 is getting exploited #inthewild. Find out more at https://t.co/OBk251qZL6 CVE-2024-9680 is getting exploited #inthewild. Find out more at https://t.co/T2MRAPfaEw
@inthewildio
23 Oct 2024
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-9680
@transilienceai
23 Oct 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45244B45-832B-4C4A-8004-8D13C331E52B",
"versionEndExcluding": "115.16.1"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07E39FE8-1685-46D2-9E3E-2613F3852132",
"versionEndExcluding": "131.0.2"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4AEB9BD-EB47-4F96-BC72-949023ACE8ED",
"versionEndExcluding": "128.3.1",
"versionStartIncluding": "128.1.0"
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB9A49A0-8233-46B2-894A-FAD4DC6ED563",
"versionEndExcluding": "115.16.0"
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F48D7DE7-477D-4026-B6BD-BFE2BC5382F3",
"versionEndExcluding": "128.3.1",
"versionStartIncluding": "128.0.1"
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:131.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD5E6249-26BF-4E13-87D8-B15EF63A859F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
],
"operator": "OR"
}
]
}
]