Monday, February 17, 2025
Homecyber securityMozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

Published on

SIEM as a Service

Follow Us on Google News

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks.

With a CVSS base score of 9.8, the flaw is identified as Use-after-free in the Animation timeline component tracked as CVE-2024-9680 reported by Damien Schaeffer from ESET.“

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines”, reads the security advisory.“

We have had reports of this vulnerability being exploited in the wild”.

A use-after-free (UAF) vulnerability occurs when a program continues to access a previously released memory region. Unexpected behavior, crashes, or even security flaws like privilege escalation or remote code execution may result from this.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

This flaw makes it possible for an attacker to execute arbitrary code inside the affected system, jeopardizing its availability, confidentiality, and integrity.

Moreover, this can result in further lateral network movement and illegal access to confidential user data.

As of right now, no information is available regarding how the vulnerability is being used in actual attacks.

Fixes Available

The following browser versions have addressed this issue:

  • Firefox 131.0.2
  • Firefox ESR 115.16.1
  • Firefox ESR 128.3.1

Users are urged to act right now and apply the patch as soon as feasible due to the critical severity of this vulnerability and its ongoing exploitation.

Strategies to Protect Websites & APIs from Malware Attack => Free Webinar

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Beware! Fake Outlook Support Calls Leading to Ransomware Attacks

Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and...

CISA Warns of Active Exploitation of Apple iOS Security Flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning of...

Threat Actors Exploiting Modified SharpHide Tool to Conceal Registry Entries

Threat actors are leveraging a modified version of the SharpHide tool to create hidden...

IDOR Vulnerability in ExHub Allows Attackers to Alter Hosting Configurations

A security researcher recently uncovered a high-risk Insecure Direct Object Reference (IDOR) vulnerability in...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...