Bundle - Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1

Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1

Created on 2024-10-10 10:02, updated on 2024-10-10 10:34, by Cédric Bonhomme

Description

The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines.

"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild."

A patch has been made available on Tue, 08 Oct 2024 16:25:12 +0000.

Vulnerabilities included in this bundle

CVE-2024-9680:

Meta

[
  {
    "resources": [
      "https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/",
      "https://bugzilla.mozilla.org/show_bug.cgi?id=1923344",
      "https://hg.mozilla.org/releases/mozilla-release/rev/d2a21d941ed5a73a37b3446caa4a49e74ffe854b",
      "https://www.mozilla.org/en-US/firefox/131.0.2/releasenotes/"
    ]
  }
]

Combined detection rules

Detection rules are retrieved from Rulezet.

Combined sightings

Author	Vulnerability	Source	Type	Date