Skip Navigation

October 10, 2024 |

Mozilla releases emergency patch for actively exploited zero-day

Last updated: December 20, 2024

Loading table of contents...

Mozilla has released an emergency patch to address an actively exploited zero-day vulnerability in its Firefox browser. The flaw, designated CVE-2024-9680, is due to a use-after-free weakness in the browser’s Animation timelines feature which is used to control and synchronize animations on web pages.

So far, Mozilla has not released any details on how and to what extent the vulnerability is being exploited, only that it could lead to remote code execution (RCE).

Blog-ThreatIntel-SignUp

Stay on top of emerging threats.

Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities. 

Sign up

The flaw impacts the latest versions of both the standard and extended support editions of Firefox. Mozilla advises impacted users to upgrade to the latest version of their browser as soon as possible.

Source: Bleeping Computer

Analysis

The lack of details from Mozilla regarding CVE-2024-7971 is likely deliberate to limit the vulnerability’s impact and buy time for affected users to install updates. Releasing further details at this time could result in additional threat actors obtaining the information they need to create and exploit the vulnerability.

CVE-2024-9680 marks the third zero-day vulnerability in Firefox discovered in 2024, and the first that has been actively exploited. The first two vulnerabilities were revealed during a hacking competition and patched by Mozilla a day later. That same competition revealed three vulnerabilities in Google Chrome, out of a total of nine found and patched this year. Several of the Chrome vulnerabilities have also been actively exploited by threat actors.

Mitigation

Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in browsers like Firefox. Field Effect MDR users were automatically notified if a vulnerable version of Firefox is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly recommends that impacted users update to the latest version of Firefox as soon as possible, in accordance with Mozilla’s advisory.

Related Articles