CVE-2024-9680
Mozilla Firefox Use-After-Free Vulnerability - [Actively Exploited]
Description
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
INFO
Published Date :
Oct. 9, 2024, 1:15 p.m.
Last Modified :
Nov. 26, 2024, 7:53 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-9680
Public PoC/Exploit Available at Github
CVE-2024-9680 has a 2 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
Affected Products
The following products are affected by CVE-2024-9680
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-9680.
| URL | Resource |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1923344 | Issue Tracking Permissions Required |
| https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 | Not Applicable Patch Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2024-51/ | Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2024-52/ | Vendor Advisory |
| https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992 | Issue Tracking |
| https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html | Mailing List |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
C HTML
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-9680 vulnerability anywhere in the article.
-
europa.eu
Cyber Brief 24-12 - November 2024
Cyber Brief (November 2024)December 3, 2024 - Version: 1.0TLP:CLEARExecutive summaryWe analysed 232 open source reports for this Cyber Brief1.Relating to cyber policy and law enforcement, Germany anno ... Read more
-
The Hacker News
THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)
Cyber Threats / Weekly Recap Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's tryi ... Read more
-
The Register
Interpol nabs thousands, seizes millions in global cybercrime-busting op
Infosec in brief Interpol and its financial supporters in the South Korean government are back with another round of anti-cybercrime arrests via the fifth iteration of Operation HAECHI, this time nabb ... Read more
-
Help Net Security
Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers reveal exploitable flaws in corporate VPN clients Researchers have discovered vulnerabilit ... Read more
-
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 48
The Good | China Spy Handed 4-Year Jail Term Good news for national security this week as the U.S. Department of Justice successfully prosecuted a 59-year-old man for spying on behalf of China. Ping L ... Read more
-
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 48
The Good | China Spy Handed 4-Year Jail Term Good news for national security this week as the U.S. Department of Justice successfully prosecuted a 59-year-old man for spying on behalf of China. Ping L ... Read more
-
Cybersecurity News
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC
Security researchers from TrustedSec have uncovered a critical zero-day vulnerability, CVE-2024-49019, affecting Active Directory Certificate Services (AD CS). This flaw exploits a feature of version ... Read more
-
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Russian Hackers Exploit Firefox and Windows 0-Days to Deploy Backdoor
SUMMARY RomCom Exploits Double Zero-Day: RomCom, a Russia-linked group used previously unknown vulnerabilities in Firefox and Windows in a sophisticated attack campaign. Attack Chain: Visiting a malic ... Read more
-
The Cyber Express
Hackers Exploit Firefox and Windows Flaws: RomCom’s Advanced Attack Unveiled
A Russia-aligned hacking group, known as RomCom (also identified as Storm-0978, Tropical Scorpius, or UNC2596), has successfully exploited two zero-day vulnerabilities—one in Mozilla Firefox and anoth ... Read more
-
Cybersecurity News
RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction
Exploit chain to compromise the victim | Image: ESETIn a recent cybersecurity report, ESET researchers have unveiled a coordinated attack by the Russia-aligned threat actor RomCom, exploiting zero-day ... Read more
-
Dark Reading
'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
Source: Collection Chrisophel via Alamy Stock PhotoFor a brief window of time in October, Russian hackers had the ability to launch arbitrary code against anyone in the world using Firefox or Tor.On O ... Read more
-
Help Net Security
Researchers reveal exploitable flaws in corporate VPN clients
Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute ... Read more
-
security.nl
Aanvallers combineerden Firefox- en Windows-lek voor verspreiding backdoor
Aanvallers hebben een kwetsbaarheid in Mozilla Firefox en Windows gecombineerd voor het automatisch infecteren van gebruikers met een backdoor, zo laat antivirusbedrijf ESET weten. Op het moment van d ... Read more
-
BleepingComputer
Firefox and Windows zero-days exploited by Russian RomCom hackers
Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. The first flaw (CVE-2024-9680) is ... Read more
-
The Hacker News
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
Vulnerability / Cybercrime The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows ... Read more
-
Help Net Security
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Sc ... Read more
-
Cybersecurity News
Iranian Cyber Group Emennet Pasargad’s Expanding Operations Targeting Global Networks
A joint cybersecurity advisory from the FBI, U.S. Department of Treasury, and Israel National Cyber Directorate has revealed new tactics employed by the Iranian cyber group Emennet Pasargad (operating ... Read more
-
Cybersecurity News
Denial-of-Service Vulnerability Found in Squid Proxy Server (CVE-2024-45802)
A recent security advisory from the SQUID project has highlighted a critical Denial-of-Service (DoS) vulnerability, tracked as CVE-2024-45802 (CVSS 7.5), in Squid, a popular open-source caching proxy ... Read more
-
Cybersecurity News
CVE-2024-20329 (CVSS 9.9): Critical Cisco ASA SSH Flaw Allows for Complete System Takeover
Cisco has issued a critical security advisory warning of a vulnerability in the SSH subsystem of its Adaptive Security Appliance (ASA) Software. This vulnerability, tracked as CVE-2024-20329 and assig ... Read more
-
Cybersecurity News
Akira Ransomware Exploit CVE-2024-40766 in SonicWall SonicOS
The attack chain | Image: S-RMThe notorious Akira ransomware group continues to adapt and refine its methods, solidifying its position as one of the most significant threats in the cyber landscape. Ac ... Read more
-
Cybersecurity News
CVE-2024-9537 (CVSS 9.8): Critical Zero-Day in ScienceLogic EM7 Leads to Rackspace Security Incident
Rackspace, a leading provider of managed cloud services, announced a security incident related to a zero-day vulnerability discovered in a third-party utility bundled with the ScienceLogic EM7 (SL1) m ... Read more
-
Cybersecurity News
HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published
In a significant discovery by Microsoft Threat Intelligence, a vulnerability in macOS, identified as CVE-2024-44133, has been found to bypass Apple’s Transparency, Consent, and Control (TCC) technolog ... Read more
-
The Cyber Express
SolarWinds, Firefox, Windows Face Active Exploitation: CISA Issues Urgent Warning
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the pressing need for organizatio ... Read more
-
BleepingComputer
SolarWinds Web Help Desk flaw is now exploited in attacks
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late ... Read more
-
TheCyberThrone
CISA KEV Catalog Update Part IV – October 2024
The US CISA has added below vulnerabilities to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation.CVE-2024-30088 Microsoft Windows Kernel contains a time-of-check ... Read more
-
Help Net Security
Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 202 ... Read more
-
Cybersecurity News
Firefox Zero-Day Vulnerability: Urgent Update Needed to Patch CVE-2024-9680
In a recent security advisory, the Mozilla Foundation has revealed a zero-day vulnerability in its popular web browser, Firefox. Identified as CVE-2024-9680, the flaw involves a use-after-free vulnera ... Read more
The following table lists the changes that have been made to the
CVE-2024-9680 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Nov. 26, 2024
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* Changed Reference Type https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992 No Types Assigned https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992 Issue Tracking Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html Mailing List Changed Reference Type https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 Not Applicable https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 Not Applicable, Patch, Vendor Advisory -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992 Added Reference https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html -
Modified Analysis by [email protected]
Nov. 19, 2024
Action Type Old Value New Value Changed Reference Type https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 No Types Assigned https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 Not Applicable Changed CPE Configuration OR *cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to (excluding) 131.0.2 *cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* versions up to (excluding) 115.16.1 *cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* versions from (including) 128.0 up to (excluding) 128.3.1 *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to (excluding) 115.16.0 *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions from (including) 128.0.1 up to (excluding) 128.3.1 *cpe:2.3:a:mozilla:thunderbird:131.0:*:*:*:*:*:*:* OR *cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* versions up to (excluding) 115.16.1 *cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* versions from (including) 128.1.0 up to (excluding) 128.3.1 *cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* versions up to (excluding) 131.0.2 *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to (excluding) 115.16.0 *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions from (including) 128.0.1 up to (excluding) 128.3.1 *cpe:2.3:a:mozilla:thunderbird:131.0:*:*:*:*:*:*:* -
CVE Modified by [email protected]
Nov. 18, 2024
Action Type Old Value New Value Added Reference Mozilla Corporation https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 [No types assigned] -
Initial Analysis by [email protected]
Oct. 16, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://bugzilla.mozilla.org/show_bug.cgi?id=1923344 No Types Assigned https://bugzilla.mozilla.org/show_bug.cgi?id=1923344 Issue Tracking, Permissions Required Changed Reference Type https://www.mozilla.org/security/advisories/mfsa2024-51/ No Types Assigned https://www.mozilla.org/security/advisories/mfsa2024-51/ Vendor Advisory Changed Reference Type https://www.mozilla.org/security/advisories/mfsa2024-52/ No Types Assigned https://www.mozilla.org/security/advisories/mfsa2024-52/ Vendor Advisory Added CWE NIST CWE-416 Added CPE Configuration OR *cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to (excluding) 131.0.2 *cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* versions up to (excluding) 115.16.1 *cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* versions from (including) 128.0 up to (excluding) 128.3.1 *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to (excluding) 115.16.0 *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions from (including) 128.0.1 up to (excluding) 128.3.1 *cpe:2.3:a:mozilla:thunderbird:131.0:*:*:*:*:*:*:* -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Oct. 16, 2024
Action Type Old Value New Value Added Due Date 2024-11-05 Added Date Added 2024-10-15 Added Vulnerability Name Mozilla Firefox Use-After-Free Vulnerability Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. -
CVE Modified by [email protected]
Oct. 11, 2024
Action Type Old Value New Value Changed Description An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, and Firefox ESR < 115.16.1. An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. Added Reference Mozilla Corporation https://www.mozilla.org/security/advisories/mfsa2024-52/ [No types assigned] -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 09, 2024
Action Type Old Value New Value Added CWE CISA-ADP CWE-416 Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H -
CVE Received by [email protected]
Oct. 09, 2024
Action Type Old Value New Value Added Description An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, and Firefox ESR < 115.16.1. Added Reference Mozilla Corporation https://bugzilla.mozilla.org/show_bug.cgi?id=1923344 [No types assigned] Added Reference Mozilla Corporation https://www.mozilla.org/security/advisories/mfsa2024-51/ [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-9680 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-9680
weaknesses.