A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks.
With a CVSS base score of 9.8, the flaw is identified as Use-after-free in the Animation timeline component tracked as CVE-2024-9680 reported by Damien Schaeffer from ESET.“
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines”, reads the security advisory.“
We have had reports of this vulnerability being exploited in the wild”.
A use-after-free (UAF) vulnerability occurs when a program continues to access a previously released memory region. Unexpected behavior, crashes, or even security flaws like privilege escalation or remote code execution may result from this.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
This flaw makes it possible for an attacker to execute arbitrary code inside the affected system, jeopardizing its availability, confidentiality, and integrity.
Moreover, this can result in further lateral network movement and illegal access to confidential user data.
As of right now, no information is available regarding how the vulnerability is being used in actual attacks.
The following browser versions have addressed this issue:
Users are urged to act right now and apply the patch as soon as feasible due to the critical severity of this vulnerability and its ongoing exploitation.
Strategies to Protect Websites & APIs from Malware Attack => Free Webinar
Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635…
A database containing over 1,000 email accounts associated with the National Health Service (NHS) has…
Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware,…
A recently discovered vulnerability in Red Hat's NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity…
Tor Browser 14.0 has been officially launched. It brings significant updates and new features to…
INE Security offers essential advice to protect digital assets and enhance security. As small businesses…