CVE-2024-9680

CRITICAL · KEV · RANSOMWARE

Firefox < 131.0.2 and ESR < 128.3.1 and ESR < 115.16.1 - Use-After-Free in Animation Timelines


Exploitation Summary

CVE-2024-9680 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added October 15, 2024), with confirmed use in ransomware campaigns. EIP tracks 3 public exploits from researchers including tdonaworth, moscovium-mc and PraiseImafidon.

AI-analyzed exploit summary: The repository provides a detailed writeup on CVE-2024-9680, a use-after-free vulnerability in Firefox's CSS Animation Timeline, but does not include functional exploit code. It explains the vulnerability mechanics and potential exploitation paths.

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Exploits (3)

nomisec · WRITEUP · 11 stars
by tdonaworth · poc
https://github.com/tdonaworth/Firefox-CVE-2024-9680

The repository provides a detailed writeup on CVE-2024-9680, a use-after-free vulnerability in Firefox's CSS Animation Timeline, but does not include functional exploit code. It explains the vulnerability mechanics and potential exploitation paths.

Classification: Writeup (90%)
Attack Type: RCE
Complexity: Complex
Reliability: Theoretical
Target: Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, Thunderbird < 115.16.0
Auth: No auth needed
Prerequisites: Victim must visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026

nomisec · WORKING POC · 9 stars
by moscovium-mc · poc
https://github.com/moscovium-mc/Tor-0day-JavaScript-Exploit

This repository contains a proof-of-concept exploit for CVE-2024-9680, a critical use-after-free vulnerability in Firefox's animation timeline management, allowing remote code execution. The exploit leverages heap spraying and UAF triggers through SVG animation manipulation.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Firefox < 131.0.2, Firefox ESR < 128.3.1 and < 115.16.1, Thunderbird < 131.0.1, < 128.3.1 and < 115.16.0
Auth: No auth needed
Prerequisites: Unpatched version of Firefox or Thunderbird · User interaction to visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026

nomisec · SCANNER · 1 star
by PraiseImafidon · poc
https://github.com/PraiseImafidon/Version_Vulnerability_Scanner

This script checks the installed versions of Mozilla Firefox and Thunderbird against known safe versions to detect outdated installations. It uses subprocess to run each application's version command and compares the output with the predefined safe versions.

Classification: Scanner (100%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Mozilla Firefox and Thunderbird
Auth: No auth needed
Prerequisites: Firefox or Thunderbird installed on the system
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.3257
EPSS Percentile: 98.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: total

Details

CISA KEV: 2024-10-15
VulnCheck KEV: 2024-10-09
InTheWild.io: 2024-10-09
ENISA EUVD: EUVD-2024-50087
Ransomware Use: Confirmed
CWE: CWE-416 (Use After Free)
Status: published

Products (5)
debian/debian_linux 11.0
mozilla/firefox < 115.16.1
mozilla/firefox < 131.0.2
mozilla/thunderbird 131.0
mozilla/thunderbird < 115.16.0

Published: Oct 09, 2024
KEV Added: Oct 15, 2024
Tracked Since: Feb 18, 2026