Fox vs GIF: Mozilla Urgently Patches 0Day in Firefox

Traitor animation puts users' systems at risk.

Mozilla has released an emergency security update for the Firefox browser to address a critical use-after-free (UAF) vulnerability that is already being exploited in attacks.

The zero-day bug CVE-2024-9680 (CVSS score: 9.8) was discovered by ESET specialist Damien Schaeffer and is related to the mechanism that controls animations on web pages.

Use-after-free is a type of error in which a program continues to use an already freed memory area. This allows attackers to inject malicious data into memory, which could eventually lead to arbitrary code execution. In this case, the vulnerability affects the Web Animations API, which controls animations on web pages.

According to the security bulletin, cybercriminals were able to execute code in the browser's content process by exploiting a vulnerability in the Animation timelines mechanism. Cases of exploitation of the flaw have already been recorded.

The vulnerability affects the latest versions of the Firefox browser, including both standard and extended support (ESR) versions. To protect users, updates have been released in the following versions:
  • Firefox 131.0.2;
  • Firefox ESR 115.16.1;
  • Firefox ESR 128.3.1.

Because the vulnerability is being actively exploited, it is recommended to update the browser to the latest version immediately. To do this, open Firefox and go to "Settings" -> "Help" -> "About Firefox", after which the automatic update will begin. To complete the installation, you will need to restart the program. No information is available yet on how the attackers are targeting users, so the update is critical.
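For anyone checking more than one machine, here is an added example (not part of the original post and not Mozilla tooling) that compares collected `firefox --version` strings against the three fixed versions listed above. The host names and version strings in the sample inventory are constructed, and the handling of ESR branches the post does not list is an assumption noted in the comments.

```python
import re

# Fixed versions for CVE-2024-9680 as listed in the post.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr) from a version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Firefox version found in {text!r}")
    # A missing patch component ("131.0") counts as 0.
    numbers = tuple(int(g or 0) for g in m.group(1, 2, 3))
    return numbers, bool(m.group(4))


def triage(text):
    """Classify one version string: patched, needs-update or no-fix-listed."""
    version, is_esr = parse_version(text)
    if not is_esr:
        return "patched" if version >= FIXED_RELEASE else "needs-update"
    fixed = FIXED_ESR.get(version[0])
    if fixed is not None:
        return "patched" if version >= fixed else "needs-update"
    # Assumption: an ESR branch newer than the listed ones postdates the fix;
    # an older, unlisted branch has no fixed build named in the post.
    return "patched" if version[0] > max(FIXED_ESR) else "no-fix-listed"


# Constructed sample inventory: host name -> output of `firefox --version`.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 131.0.2",
    "ws-02": "Mozilla Firefox 130.0.1",
    "ws-03": "Mozilla Firefox 115.16.1esr",
    "ws-04": "Mozilla Firefox 128.3.0esr",
    "ws-05": "Mozilla Firefox 102.15.1esr",
}


def report(inventory):
    """Map every host in the inventory to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `needs-update` or `no-fix-listed` are the ones to move to one of the fixed versions from the list above.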
