Mozilla Firefox 131.0.1 security vulnerability (CVE-2024-9680)

CVE-2024-9680 is a critical vulnerability identified as a use-after-free flaw in Mozilla Firefox and Thunderbird. This vulnerability, which has been actively exploited as a zero-day, affects Firefox versions prior to 131.0.2 and Thunderbird versions prior to 131.0.1. The flaw occurs in the browsers’ handling of Animation timelines, allowing attackers to execute arbitrary code by exploiting memory mismanagement.

This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

The vulnerability has a CVSS v3.1 score of 9.8, reflecting its severe impact on confidentiality, integrity and availability. Mozilla has addressed this issue in recent updates for both standard and extended support releases (ESR). Affected users are urged to upgrade to the latest patched versions to mitigate risks.
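A branch-aware version check built from the fixed-version thresholds listed above, as an added example that is not part of the original advisory or Mozilla's code. The inventory rows are constructed, and matching a build to a fix by its major version number (115 and 128 being the ESR lines) is an assumption.

```python
import re

# Fixed versions per product, copied from the advisory text above.
FIXED = {
    "firefox": [(115, 16, 1), (128, 3, 1), (131, 0, 2)],
    "thunderbird": [(115, 16, 0), (128, 3, 1), (131, 0, 1)],
}

def parse_version(text):
    """Pull (major, minor, patch) out of e.g. 'Mozilla Firefox 128.3.0esr'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(product, version_text):
    """True if the build is older than the fix for its release branch."""
    version = parse_version(version_text)
    fixes = FIXED[product.lower()]
    for fix in fixes:
        # Assumption: a build sharing a major number with a listed fix
        # belongs to that branch (115 and 128 being the ESR lines).
        if fix[0] == version[0]:
            return version < fix
    # Any other major is compared against the newest fixed release.
    return version < fixes[-1]

def affected_hosts(inventory):
    """Return hosts from (host, product, version_text) rows that need the update."""
    return [host for host, product, text in inventory if is_affected(product, text)]

# Constructed inventory rows, not data from the advisory.
SAMPLE_INVENTORY = [
    ("ws-01", "firefox", "Mozilla Firefox 131.0.1"),
    ("ws-02", "firefox", "Mozilla Firefox 131.0.2"),
    ("ws-03", "firefox", "Mozilla Firefox 128.3.0esr"),
    ("ws-04", "firefox", "Mozilla Firefox 129.0"),
    ("ws-05", "thunderbird", "Mozilla Thunderbird 115.16.0"),
    ("ws-06", "thunderbird", "Mozilla Thunderbird 128.3.1"),
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update required for CVE-2024-9680")
```

A plain "older than 131.0.2" comparison would flag patched ESR builds such as 128.3.1, which is why the check selects the threshold by branch first.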

See more details on: