CVERadar

CVE-2024-9680

Severity: Critical
Vendor: Mozilla
SVRS: 92/100
CVSSv3: 9.8/10
EPSS: 0.09511/1

CVE-2024-9680 is a critical use-after-free vulnerability in Animation timelines that allows for arbitrary code execution. Actively exploited in the wild, CVE-2024-9680 affects multiple versions of Firefox and Thunderbird. With a SOCRadar Vulnerability Risk Score (SVRS) of 92, this vulnerability demands immediate attention and patching. The high SVRS, far exceeding the threshold of 80, emphasizes the extreme urgency due to real-world exploitation and the potential for significant impact. Successful exploitation can grant an attacker control over the affected system, leading to data breaches, malware installation, or complete system compromise. This critical vulnerability underscores the importance of promptly applying security updates for Firefox and Thunderbird to mitigate the risk.

In The Wild
CISA KEV
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-10-09

2024-11-19
SOCRadar AI Insight

Description

CVE-2024-9680 is a critical vulnerability in Firefox that allows attackers to execute arbitrary code in the content process. This vulnerability is actively exploited in the wild, and it affects Firefox versions prior to 131.0.2, Firefox ESR versions prior to 128.3.1, and Firefox ESR versions prior to 115.16.1.

Key Insights

  • High Severity: The CVSS score of 9.8 indicates that this vulnerability is highly severe and poses a significant risk to users.
  • Active Exploitation: The vulnerability is actively exploited in the wild, meaning that attackers are actively using it to compromise systems.
  • Wide Impact: The vulnerability affects a wide range of Firefox versions, including the latest stable release.
  • SVRS Score: The SVRS score of 40 indicates that this vulnerability is less severe than the CVSS score suggests. This is because the SVRS takes into account additional factors, such as the availability of exploits and the likelihood of exploitation.

Mitigation Strategies

  • Update Firefox: The most effective way to mitigate this vulnerability is to update Firefox to the latest version (131.0.2 or later).
  • Disable JavaScript: Disabling JavaScript in Firefox can help to mitigate the risk of exploitation, but it may also break some websites.
  • Use a Content Blocker: Using a content blocker can help to prevent malicious content from being loaded in Firefox.
  • Be Cautious of Suspicious Websites: Users should be cautious of visiting suspicious websites, as they may contain malicious content that could exploit this vulnerability.

Additional Information

  • Threat Actors/APT Groups: There is no information available about specific threat actors or APT groups that are actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published for this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
  • In the Wild: The vulnerability is actively exploited by hackers.


Indicators of Compromise

Type | Indicator | Date
HOSTNAME | economistjournal.cloud | 2024-12-05
HOSTNAME | redjournal.cloud | 2024-12-05
URL | https://fhlipzero.io/blogs/6_noVNC/noVNC.html | 2025-04-08
URL | https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/ | 2025-04-08
URL | https://www.unicorn-engine.org/ | 2025-04-08

Exploits

Title | Software Link | Date
Mozilla Firefox Use-After-Free Vulnerability | https://www.cisa.gov/search?g=CVE-2024-9680 | 2024-10-15

News

What Is a Zero-Day Exploit and Why Are They Dangerous?
vpnMentor (vpnmentor.com), 2025-03-27
The cybersecurity landscape has seen a significant escalation in threats over the past year. In the third quarter of 2024, organizations experienced an average of 1,876 cyberattacks per week, marking a 75% increase compared to the same period in 2023. What is a zero-day exploit in cybersecurity? A zero-day attack happens when hackers exploit a...

CVE-2024-9680 | Mozilla Firefox up to 131.0.1 Animation Timeline use after free (Nessus ID 208448)
vuldb.com, 2025-03-07
A vulnerability was found in Mozilla Firefox up to 131.0.1. It has been classified as critical. This affects an unknown part of the component Animation Timeline Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-9680. It is possible to initiate

2nd December – Threat Intelligence Report
checkpoint.com
For the latest discoveries in cyber research for the week of 2nd December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Supply chain software provider Blue Yonder was hit by a ransomware attack, disrupting services for clients like Starbucks and UK grocery chains Morrisons and Sainsbury’s. The incident affected operations such as employee […]

Data Breaches Digest - Week 48 2024
Dunkie (dbdigest.com), 2025-02-01
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 25th November and 1st December 2024. 1st December

Russian Hackers Use Firefox and Windows Vulnerabilities in Global Cyberattack
Ridhika Singh (blogger.com), 2024-12-03

Interpol nabs thousands, seizes millions in global cybercrime-busting op - The Register
google.com, 2024-12-01
Infosec in brief Interpol and its financial supporters in the South Korean government are back with another round of anti-cybercrime arrests via the fifth iteration of Operation HAECHI, this time nabbing more than 5,500 people suspected of scamming and seizing hundreds of millions in digital and fiat currencies. HAECHI V, an operation which ran from July to November of this year, was funded by South Korea but involved cooperation with law enforcement in 40 countries. The op targeted seven types of cyber-enabled crime

Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine - Help Net Security
google.com, 2024-12-01
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers reveal exploitable flaws in corporate VPN clients Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. Cybercriminals used a gaming engine to create undetectable malware loader Threat actors are using an ingenious new way for covertly delivering

Social Media

Happy April Fool's Day! For anyone looking for in-the-wild samples for CVE-2024-9680 & CVE-2024-49039 fullchain in Firefox, here is one of them (with some missing information): https://t.co/Mt9t0NFWxb

The bugzilla report for CVE-2024-9680: Use-after-free in Animation timeline is now open :). https://t.co/7hYL1sNJlY

@Samantha1011010 @REALSGTPIPER A recent critical use-after-free (UAF) vulnerability in Firefox's animation timelines, identified as CVE-2024-9680, was actively exploited in the wild, allowing attackers to execute code within the content process. In contrast, Chromium has implemented MiraclePtr (also known as

@gnukeith @blueavee yeah i know CVE-2024-9680

https://t.co/CkaZAoiZMU Zero-day vulnerability in Firefox and Windows The exploit chain recently used by the RomCom group (also known as Storm-0978), a zero-day vulnerability in Firefox (CVE-2024-9680) and a privilege-escalation zero-day vulnerability in M… https://t.co/bGU5Opw19y

Zero-day vulnerability in Firefox and Windows https://t.co/IUnoXRN4Ul The exploit chain recently used by the RomCom group (also known as Storm-0978), a zero-day vulnerability in Firefox (CVE-2024-9680) and a privilege-escalation zero-day vulnerability …

🚨 Did you know? The RomCom APT group exploited a zero-day vulnerability in Firefox (CVE-2024-9680) with a CVSS score of 9.8! This flaw allows code execution simply by visiting a malicious website—no user interaction required! Stay vigilant! #CyberThreats #ZeroDay

2/11 Discover CVE-2024-9680 in @firefox 's Animation component - a critical use-after-free bug. Already patched, but were you at risk? #CyberAttack #MozillaFirefox 📈

RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/mDmm3KmWob https://t.co/4T8VA9WxIo

RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction Delve into the details of RomCom's sophisticated cyberattack, exploiting zero-day vulnerabilities in Firefox and Windows. https://t.co/Gy6CLvJMTv

Affected Software

Configuration 1
Type | Vendor | Product
App | Mozilla | firefox
App | Mozilla | thunderbird
App | Mozilla | firefox_esr

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1923344
https://www.mozilla.org/security/advisories/mfsa2024-51/
https://www.mozilla.org/security/advisories/mfsa2024-52/
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039

CWE Details

CWE ID | CWE Name | Description
CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
