FIREFOX ZERO-DAY UNDER ATTACK

   Mozilla has recently disclosed a critical security flaw affecting its Firefox browser and Firefox Extended Support Release (ESR), and the flaw is under active exploitation in the wild. "Exploitation in the wild" means that it is currently a threat to ordinary users. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. According to a released statement, a threat actor was able to achieve code execution by exploiting this vulnerability. Damian Schaeffer, a security researcher from the Slovakian company ESET, was named as the discoverer and reporter of this vulnerability. The Firefox versions affected are Firefox 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1. There are currently no details on how the vulnerability is being exploited in real-world attacks or on the identity of the group responsible. This vulnerability can be weaponized in several ways, such as a watering hole attack, which targets popular websites with heavy traffic, or a drive-by download campaign that tricks users into visiting fake websites. Everyone is advised to update their browser to the latest version of Firefox to stay protected against active threats.