CVE-2024-9680 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Mozilla Firefox Use-After-Free Vulnerability

Exploit added

October 15, 2024

Action due

November 5, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

References

Weakness Enumeration

CWE-ID	CWE Name
CWE-416	Use After Free

Known Affected Software Configurations

cpe:2.3:a:mozilla:firefox:67.0.1::::-:::
cpe:2.3:a:mozilla:firefox:80.0.1::::-:::
cpe:2.3:a:mozilla:firefox:81.0.2::::-:::
cpe:2.3:a:mozilla:firefox:81.0.1::::-:::
cpe:2.3:a:mozilla:firefox:82.0.3::::-:::
cpe:2.3:a:mozilla:firefox:82.0.2::::-:::
cpe:2.3:a:mozilla:firefox:82.0.1::::-:::
cpe:2.3:a:mozilla:firefox:84.0.1::::-:::
cpe:2.3:a:mozilla:firefox:86.0.1::::-:::
cpe:2.3:a:mozilla:firefox:86.0::::-:::
cpe:2.3:a:mozilla:firefox:91.0.2::::-:::
cpe:2.3:a:mozilla:firefox:92.0.1::::-:::
cpe:2.3:a:mozilla:firefox:94.0.2::::-:::
cpe:2.3:a:mozilla:firefox:95.0.2::::-:::
cpe:2.3:a:mozilla:firefox:95.0.1::::-:::
cpe:2.3:a:mozilla:firefox:96.0.3::::-:::
cpe:2.3:a:mozilla:firefox:96.0.2::::-:::
cpe:2.3:a:mozilla:firefox:96.0.1::::-:::
cpe:2.3:a:mozilla:firefox:109.0::::-:::
cpe:2.3:a:mozilla:firefox:111.0::::-:::
cpe:2.3:a:mozilla:firefox:118.0.2::::-:::
cpe:2.3:a:mozilla:firefox:118.0.1::::-:::
cpe:2.3:a:mozilla:firefox:118.0::::-:::
cpe:2.3:a:mozilla:firefox:119.0.1::::-:::
cpe:2.3:a:mozilla:firefox:120.0.1::::-:::
cpe:2.3:a:mozilla:firefox:120.0::::-:::
cpe:2.3:a:mozilla:firefox:121.0.1::::-:::
cpe:2.3:a:mozilla:firefox:122.0.1::::-:::
cpe:2.3:a:mozilla:firefox:123.0.1::::-:::
cpe:2.3:a:mozilla:firefox:123.0::::-:::
cpe:2.3:a:mozilla:firefox:124.0.2::::-:::
cpe:2.3:a:mozilla:firefox:124.0.1::::-:::
cpe:2.3:a:mozilla:firefox:124.0::::-:::
cpe:2.3:a:mozilla:firefox:125.0.3::::-:::
cpe:2.3:a:mozilla:firefox:125.0.2::::-:::
cpe:2.3:a:mozilla:firefox:125.0.1::::-:::
cpe:2.3:a:mozilla:firefox:129.0.2::::-:::
cpe:2.3:a:mozilla:firefox:129.0.1::::-:::
cpe:2.3:a:mozilla:firefox:130.0.1::::-:::
cpe:2.3:a:mozilla:firefox:130.0::::-:::
cpe:2.3:a:mozilla:firefox:131.0.3::::-:::
cpe:2.3:a:mozilla:firefox:131.0.2::::-:::
cpe:2.3:a:mozilla:firefox:131.0::::-:::
cpe:2.3:a:mozilla:firefox:129.0::::-:::
cpe:2.3:a:mozilla:firefox:128.1.0::::-:::
cpe:2.3:a:mozilla:firefox:128.0.3::::-:::
cpe:2.3:a:mozilla:firefox:128.0.2::::-:::
cpe:2.3:a:mozilla:firefox:128.0::::-:::
cpe:2.3:a:mozilla:firefox:127.0.2::::-:::
cpe:2.3:a:mozilla:firefox:127.0.1::::-:::
cpe:2.3:a:mozilla:firefox:127.0::::-:::
cpe:2.3:a:mozilla:firefox:126.0.1::::-:::
cpe:2.3:a:mozilla:firefox:126.0::::-:::
cpe:2.3:a:mozilla:firefox:122.0::::-:::
cpe:2.3:a:mozilla:firefox:121.0::::-:::
cpe:2.3:a:mozilla:firefox:119.0::::-:::
cpe:2.3:a:mozilla:firefox:117.0.1::::-:::
cpe:2.3:a:mozilla:firefox:117.0::::-:::
cpe:2.3:a:mozilla:firefox:116.0.3::::-:::
cpe:2.3:a:mozilla:firefox:116.0.2::::-:::
cpe:2.3:a:mozilla:firefox:116.0.1::::-:::
cpe:2.3:a:mozilla:firefox:116.0::::-:::
cpe:2.3:a:mozilla:firefox:115.2.1::::-:::
cpe:2.3:a:mozilla:firefox:115.2.0::::-:::
cpe:2.3:a:mozilla:firefox:115.1.0::::-:::
cpe:2.3:a:mozilla:firefox:115.0.3::::-:::
cpe:2.3:a:mozilla:firefox:115.0.2::::-:::
cpe:2.3:a:mozilla:firefox:115.0.1::::-:::
cpe:2.3:a:mozilla:firefox:115.0::::-:::
cpe:2.3:a:mozilla:firefox:114.0.2::::-:::
cpe:2.3:a:mozilla:firefox:114.0.1::::-:::
cpe:2.3:a:mozilla:firefox:114.0::::-:::
cpe:2.3:a:mozilla:firefox:113.0.2::::-:::
cpe:2.3:a:mozilla:firefox:113.0.1::::-:::
cpe:2.3:a:mozilla:firefox:113.0::::-:::
cpe:2.3:a:mozilla:firefox:112.0.2::::-:::
cpe:2.3:a:mozilla:firefox:112.0.1::::-:::
cpe:2.3:a:mozilla:firefox:112.0::::-:::
cpe:2.3:a:mozilla:firefox:111.0.1::::-:::
cpe:2.3:a:mozilla:firefox:110.0.1::::-:::
cpe:2.3:a:mozilla:firefox:110.0::::-:::
cpe:2.3:a:mozilla:firefox:109.0.1::::-:::
cpe:2.3:a:mozilla:firefox:108.0.2::::-:::
cpe:2.3:a:mozilla:firefox:108.0.1::::-:::
cpe:2.3:a:mozilla:firefox:108.0::::-:::
cpe:2.3:a:mozilla:firefox:107.0.1::::-:::
cpe:2.3:a:mozilla:firefox:107.0::::-:::
cpe:2.3:a:mozilla:firefox:106.0.5::::-:::
cpe:2.3:a:mozilla:firefox:106.0.4::::-:::
cpe:2.3:a:mozilla:firefox:106.0.3::::-:::
cpe:2.3:a:mozilla:firefox:106.0.2::::-:::
cpe:2.3:a:mozilla:firefox:106.0.1::::-:::
cpe:2.3:a:mozilla:firefox:106.0::::-:::
cpe:2.3:a:mozilla:firefox:105.0.3::::-:::
cpe:2.3:a:mozilla:firefox:105.0.2::::-:::
cpe:2.3:a:mozilla:firefox:105.0.1::::-:::
cpe:2.3:a:mozilla:firefox:105.0::::-:-::*
cpe:2.3:a:mozilla:firefox:104.0.2::::-:::
cpe:2.3:a:mozilla:firefox:104.0.1::::-:::
cpe:2.3:a:mozilla:firefox:104.0::::-:::

Details

Source:
NVD

Published:
October 9, 2024

Updated:
October 16, 2024

Risk information

CVSS v3

Base score:
9.8

Severity:

CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined