Jump to content
  • Mozilla fixes critical Firefox vulnerability exploited in the wild


    Karlston

    • 334 views
    • 2 minutes
     Share


    • 334 views
    • 2 minutes

    If you use Firefox, you better update it to the latest version as soon as possible. Mozilla has released a small update under version 131.0.2, but it is an important one as it fixes a critical security vulnerability that allows malicious code execution on unpatched systems. The worst part is that the vulnerability is actively exploited in the wild.

     

    The security issue in question was discovered by Damien Schaeffer from ESET. It is a use-after-free type of vulnerability, which occurs when a program continues to access a certain memory location after it was deallocated (freed). That part of memory can then be repurposed for other data, including remote code execution.

     

    Mozilla designated the impact severity as critical, which matches the advisories issued by national cybersecurity centers in Italy, the Netherlands, and Canada. Here is how Mozilla describes the now-patched security issue in its official documentation:

     

    CVE-2024-9680: Use-after-free in Animation timeline

     

    An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.

    The patch is available in Firefox 131.0.2, Firefox ESR 115.16.1 (for now-unsupported Windows versions and other platforms), and Firefox ESR 128.3.1 (another long-term version for supported operating systems). If you are still on Firefox 131.0, go to Menu > Help > About Firefox to force the browser to download and install the latest security patch.

     

    For reference, release notes for Firefox 131 are available here. The most recent major update introduced tab previews, temporary website permissions, improved page translation, and more.

     

    Source

     


    RIP Matrix | Farewell my friend  :sadbye:

     

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every day for many years.

    2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...