CISA Known Exploited Vulnerability (KEV)
Mozilla Firefox Use-After-Free Vulnerability
October 15, 2024
November 5, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
References
Weakness Enumeration
CWE-ID | CWE Name |
---|---|
CWE-416 |
Use After Free |