Mozilla has revealed {that a} important security flaw impacting Firefox and Firefox Prolonged Help Launch (ESR) has come underneath energetic exploitation within the wild.
The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug within the Animation timeline element.
“An attacker was in a position to obtain code execution within the content material course of by exploiting a use-after-free in Animation timelines,” Mozilla mentioned in a Wednesday advisory.
“We’ve had reviews of this vulnerability being exploited within the wild.”
Safety researcher Damien Schaeffer from Slovakian firm ESET has been credited with discovering and reporting the vulnerability.
The problem has been addressed within the following variations of the net browser
- Firefox 131.0.2
- Firefox ESR 128.3.1, and
- Firefox ESR 115.16.1.
There are at the moment no particulars on how the vulnerability is being exploited in real-world assaults and the identification of the menace actors behind them.
That mentioned, such distant code execution vulnerabilities could possibly be weaponized in a number of methods, both as a part of a watering gap assault focusing on particular web sites or via a drive-by obtain marketing campaign that methods customers into visiting bogus web sites.
Customers are suggested to replace to the newest model to remain protected in opposition to energetic threats.
