CVE CVE

CVE-2024-9680

CISA Known Exploited Vulnerability (KEV)

Mozilla Firefox Use-After-Free Vulnerability

October 15, 2024

November 5, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Weakness Enumeration

CWE-ID CWE Name

CWE-416
Use After Free

Known Affected Software Configurations


cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:78.0.1:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:78.0.2:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:38.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:68.0.1:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:102.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:17.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:60.0.2:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:24.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:68.0.2:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:-:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:68.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:45.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:52.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:31.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:78.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:10.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:60.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:60.0.1:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:53.0:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:45.0.1:*:*:*:-:*:*:*

cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.6:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.5:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.7:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.8:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.9:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.10:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.11:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:10.0.12:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.1.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.9:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.6:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.8:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.5:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.9.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.11:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.10:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.8.1:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.3.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.2.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.8.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.6.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.8.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:128.3.1:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.7.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.7.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.6.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.5.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.4.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.3.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.7:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.2.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.14.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.9.1:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.15.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.7.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.6.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.4.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:128.1.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:128.2.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:128.3.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.6.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.5.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.4.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.5.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.4.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.12.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.3.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.1.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.1.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.8.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.10.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.9.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.13.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:24.7.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.3.1:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.2.0:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:102.15.1:*:*:*:esr:*:*:*

cpe:2.3:a:mozilla:firefox:115.16.0:*:*:*:esr:*:*:*

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score:
9.8
Severity:

CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined