Firefox Zero-Day Under Attack: Update Your Browser Immediately

Oct 10, 2024 | Ravie Lakshmanan | Vulnerability / Browser Security

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.

“An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines,” Mozilla stated in a Wednesday advisory.

“We have had reports of this vulnerability being exploited in the wild.”

Security researcher Damien Schaeffer from Slovakian company ESET has been credited with discovering and reporting the vulnerability.

The issue has been addressed in the following versions of the web browser:

  • Firefox 131.0.2
  • Firefox ESR 128.3.1, and
  • Firefox ESR 115.16.1.

There are currently no details on how the vulnerability is being exploited in real-world attacks and the identity of the threat actors behind them.

That said, such remote code execution vulnerabilities could be weaponized in several ways, either as part of a watering hole attack targeting specific websites or through a drive-by download campaign that tricks users into visiting bogus websites.

Users are advised to update to the latest version to stay protected against active threats.
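For anyone checking more than one machine, the fixed versions listed above can be turned into a small inventory triage. This is an added example, not code from Mozilla or from the article; it assumes version strings come from a software inventory in the form `x.y[.z]` with an `esr` suffix on ESR builds, and the hostnames and versions in the sample are constructed.

```python
import re

# Fixed builds for CVE-2024-9680, as listed in the article.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {128: (128, 3, 1), 115: (115, 16, 1)}

def parse_version(raw):
    """'128.3.0esr' -> ((128, 3, 0), True); None if the string is not x.y[.z][esr]."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", raw.strip().lower())
    if not m:
        return None
    return (int(m[1]), int(m[2]), int(m[3] or 0)), m[4] is not None

def triage(raw):
    """Classify one version string: patched / update / unlisted-branch / unparsed."""
    parsed = parse_version(raw)
    if parsed is None:
        return "unparsed"          # e.g. beta builds; review by hand
    version, is_esr = parsed
    if not is_esr:
        return "patched" if version >= FIXED_RELEASE else "update"
    fixed = FIXED_ESR.get(version[0])
    if fixed is not None:
        return "patched" if version >= fixed else "update"
    if version[0] > max(FIXED_ESR):
        return "patched"           # assumption: later ESR branches carry the fix
    return "unlisted-branch"       # older ESR branch, no fixed build listed

def needs_action(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    statuses = {host: triage(ver) for host, ver in inventory.items()}
    return {h: s for h, s in statuses.items() if s != "patched"}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ws-01": "131.0.2",
    "ws-02": "131.0",
    "ws-03": "128.3.0esr",
    "ws-04": "115.16.1esr",
    "ws-05": "102.15.0esr",
    "ws-06": "132.0b5",
}

if __name__ == "__main__":
    for host, status in sorted(needs_action(SAMPLE).items()):
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Hosts reported as `unlisted-branch` are on an ESR line for which the article names no fixed build, so they need a branch upgrade rather than a point update.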
