Mozilla has released an urgent update for Firefox to fix a critical security vulnerability that is currently being exploited in the wild. The vulnerability, known as CVE-2024-9680, is a use-after-free vulnerability in Firefox’s Animation timelines, which is a core feature that manages web animations.

As highlighted by Bleeping Computer, ESET researcher Damien Schaeffer discovered a bug that allows attackers to inject malicious code into improperly freed memory regions, resulting in code execution. Mozilla’s security bulletin confirmed that the vulnerability has been used in attacks, so users should update their browsers immediately.

The affected versions include the latest Firefox release and its extended support versions (ESR). Mozilla has addressed the issue in Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1.

To safeguard your system, update your browser by going to Settings -> Help -> About Firefox, where the update will automatically download. A quick restart will apply the fix.

This is the second time in 2024 that Mozilla has had to address a critical zero-day exploit. Given the active exploitation, don’t delay—update now to protect your browser and system from potential attacks. In case you stumbled upon this article but use Chrome, you too should update your browser to the latest version which patches the CVE-2024-9602 and CVE-2024-9603 exploits.

Dwayne Cubbins
357 Posts

For nearly a decade, I've been deciphering the complexities of the tech world, with a particular passion for helping users navigate the ever-changing tech landscape. From crafting in-depth guides that unlock your phone's hidden potential to uncovering and explaining the latest bugs and glitches, I make sure you get the most out of your devices. And yes, you might occasionally find me ranting about some truly frustrating tech mishaps.

Comments

Follow Us