Mozilla has rolled out an urgent security update for its Firefox browser, addressing a critical vulnerability, CVE-2024-9680, which is actively being exploited.
The flaw, a use-after-free vulnerability discovered by ESET researcher Damien Schaeffer, affects the Animation timelines feature in Firefox’s Web Animations API.
This type of vulnerability allows attackers to execute code by inserting malicious data into memory that has already been freed. According to Mozilla’s security bulletin, attackers have successfully exploited this flaw in the wild, raising concerns for Firefox users.
The affected versions include the latest Firefox standard release and the extended support releases (ESR). Mozilla has issued fixes in the following versions, which users are strongly urged to install immediately:
- Firefox 131.0.2
- Firefox ESR 115.16.1
- Firefox ESR 128.3.1
To protect against potential attacks, users should upgrade to the latest versions of Firefox by navigating to Settings -> Help -> About Firefox to start the update. A restart is required to complete the installation.
As the vulnerability is actively being exploited, upgrading to the latest version of Firefox is crucial for user safety. Mozilla has yet to release details about specific targets or methods of exploitation but has emphasized the need for swift action.
