Exploit

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks.

With a CVSS base score of 9.8, the flaw is identified as Use-after-free in the Animation timeline component tracked as CVE-2024-9680 reported by Damien Schaeffer from ESET.“

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines”, reads the security advisory.“

We have had reports of this vulnerability being exploited in the wild”.

A use-after-free (UAF) vulnerability occurs when a program continues to access a previously released memory region. Unexpected behavior, crashes, or even security flaws like privilege escalation or remote code execution may result from this.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

This flaw makes it possible for an attacker to execute arbitrary code inside the affected system, jeopardizing its availability, confidentiality, and integrity.

Moreover, this can result in further lateral network movement and illegal access to confidential user data.

As of right now, no information is available regarding how the vulnerability is being used in actual attacks.

Fixes Available

The following browser versions have addressed this issue:

  • Firefox 131.0.2
  • Firefox ESR 115.16.1
  • Firefox ESR 128.3.1

Users are urged to act right now and apply the patch as soon as feasible due to the critical severity of this vulnerability and its ongoing exploitation.

Strategies to Protect Websites & APIs from Malware Attack => Free Webinar

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

20 hours ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

2 days ago

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…

2 days ago

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store, which…

2 days ago

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…

2 days ago

New Python NodeStealer Attacking Facebook Business To Steal Login Credentials

NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…

2 days ago