Critical Mozilla Firefox Zero-Day Allows Code Execution
Mozilla has released patches for a critical zero-day vulnerability in its Firefox Web browser, identified as CVE-2024-9680. This use-after-free issue in Animation timelines allows attackers to execute arbitrary code without requiring any user interaction or privileges, and it has a CVSSv3 severity rating of 9.8 out of 10. The vulnerability affects Firefox versions 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1. Users are advised to update to the latest versions—131.0.2 for Firefox and 115.16.1 or 128.3.1 for Firefox ESR—to mitigate the risk of exploitation. Cybersecurity agencies from various countries have issued alerts following the disclosure of this high-risk vulnerability. Mozilla has patched a critical zero-day vulnerability in Firefox, tracked as CVE-2024-9680, which is a use-after-free issue that could allow attackers to execute arbitrary code with a severity rating of 9.8. The flaw affects several versions of Firefox and Firefox ESR, and users are urged to update their browsers immediately to prevent potential exploitation. Cybersecurity centers worldwide have issued warnings about the high-risk vulnerability. CVEs: CVE-2024-9680 [View Article](https://www.darkreading.com/cyberattacks-data-breaches/critical-mozilla-firefox-zero-day-code-execution)