Mozilla has patched a critical security vulnerability in its Firefox Web browser that is being actively exploited in the wild.
Tracked as CVE-2024-9680, the vulnerability is a use-after-free issue in Animation timelines, with attackers exploiting it to execute arbitrary code, according to Mozilla’s advisory. It carries a CVSSv3 vulnerability-severity rating of 9.8 out of 10 and a low attack complexity (no privileges or user interaction is required to successfully exploit the flaw), and translates into high risk in the event of a successful attack.
Critical bugs in Firefox, which is used by around 178 million people worldwide, are few and far between. The Web browser hasn’t had to issue patches for such a severe flaw since March, and only a small number have been discovered in the past few years.
The disclosure sparked a flurry of alerts from international cyber agencies, including Dutch national cyber center Nationaal Cyber Security Centrum, and the cybersecurity centers of Canada and Italy.
The Web browser vulnerability affects Firefox 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1. Users should upgrade to version 131.0.2 in Firefox and to versions 115.16.1 or 128.3.1 for Firefox ESR to fix the vulnerability and thwart potential exploitation.