Mozilla patches actively exploited flaw in Firefox
Take action: Time to patch your Mozilla Firefox browser and all Firefox based browsers (ToR, Waterfox etc). The flaw is actively exploited, so please do not delay. Patching is trivial and all tabs reopen after the patch.
Learn More
Mozilla has released an urgent security update for the Firefox browser to address a critical use-after-free vulnerability.
The flaw is tracked as CVE-2024-9680 (CVSS score 9.8). The flaw affects the Web Animations API, specifically within Firefox's animation timeline feature, which manages and synchronizes animations on websites. Discovered by ESET researcher Damien Schaeffer, the vulnerability allows attackers to inject malicious data into memory that has been freed, enabling them to execute arbitrary code within the browser's content process
The vulnerability impacts all supported versions of Firefox, including both the standard and extended support releases (ESR). Mozilla has released the following updated versions to address this issue:
- Firefox 131.0.2
- Firefox ESR 115.16.1
- Firefox ESR 128.3.1
Users are strongly advised to upgrade to these versions immediately, as there have been reports of active exploitation in the wild. Those with automatic updates should already be protected, but manual updates can be performed by navigating to Settings > Help > About Firefox to check for updates and restart the browser after the update is installed
