If you use Firefox, you better update it to the latest version as soon as possible. Mozilla has released a small update under version 131.0.2, but it is an important one as it fixes a critical security vulnerability that allows malicious code execution on unpatched systems. The worst part is that the vulnerability is actively exploited in the wild.
The security issue in question was discovered by Damien Schaeffer from ESET. It is a use-after-free type of vulnerability, which occurs when a program continues to access a certain memory location after it was deallocated (freed). That part of memory can then be repurposed for other data, including remote code execution.
Mozilla designated the impact severity as critical, which matches the advisories issued by national cybersecurity centers in Italy, the Netherlands, and Canada. Here is how Mozilla describes the now-patched security issue in its official documentation:
CVE-2024-9680: Use-after-free in Animation timeline
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.
The patch is available in Firefox 131.0.2, Firefox ESR 115.16.1 (for now-unsupported Windows versions and other platforms), and Firefox ESR 128.3.1 (another long-term version for supported operating systems). If you are still on Firefox 131.0, go to Menu > Help > About Firefox to force the browser to download and install the latest security patch.
For reference, release notes for Firefox 131 are available here. The most recent major update introduced tab previews, temporary website permissions, improved page translation, and more.
1 Comment - Add comment