CVE-2024-9680

CRITICAL KEV RANSOMWARE

Mozilla Firefox < 115.16.1 - Use After Free

Title source: rule

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Exploits (3)

nomisec WRITEUP 11 stars
by tdonaworth · poc
https://github.com/tdonaworth/Firefox-CVE-2024-9680
nomisec WORKING POC 9 stars
by moscovium-mc · poc
https://github.com/moscovium-mc/Tor-0day-JavaScript-Exploit
nomisec SCANNER 1 star
by PraiseImafidon · poc
https://github.com/PraiseImafidon/Version_Vulnerability_Scanner

Scores

CVSS v3 9.8
EPSS 0.3081
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-10-15
VulnCheck KEV 2024-10-09
InTheWild.io 2024-10-09
ENISA EUVD EUVD-2024-50087
Ransomware Use Confirmed
CWE CWE-416
Status published
Products (5)
debian/debian_linux 11.0
mozilla/firefox < 115.16.1
mozilla/firefox < 131.0.2
mozilla/thunderbird 131.0
mozilla/thunderbird < 115.16.0
Published Oct 09, 2024
KEV Added Oct 15, 2024
Tracked Since Feb 18, 2026