U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines. Firefox Animation Timelines is a feature […]

Mozilla Firefox

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks.

Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks.

The vulnerability CVE-2024-9680 resides in Animation timelines. Firefox Animation Timelines is a feature in the Firefox Developer Tools suite that allows developers to inspect, edit, and debug animations directly within the browser. It provides a visual interface for managing animations, including CSS animations and transitions, as well as those created with the Web Animations API.

An attacker could exploit this vulnerability to achieve code execution in the content process.

“An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.” reads the advisory. “We have had reports of this vulnerability being exploited in the wild.”

The vulnerability was discovered by the security researcher Damien Schaeffer from ESET.

The vulnerability impacts Firefox 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1. Mozilla addressed the flaw with the release of Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1.

Experts urge users to upgrade to the latest version as soon as possible.

In March, Mozilla addressed two Firefox zero-day vulnerabilities, respectively tracked as CVE-2024-29944 and CVE-2024-29943, which were exploited during the Pwn2Own Vancouver 2024 hacking competition.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Mozilla)