Skip to main content

Mozilla Products Remote Code Execution Vulnerability

Last Update Date: 14 Oct 2024 Release Date: 10 Oct 2024 3542 Views

RISK: Extremely High Risk

TYPE: Clients - Browsers

TYPE: Browsers

A vulnerability was identified in Mozilla Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

[Updated on 2024-10-14]

Updated System / Technologies affected, Solutions and Related Links.

 

Note:

Exploit in the wild has been detected for CVE-2024-9680, an attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines of Mozilla products.


Impact

  • Remote Code Execution

System / Technologies affected

Versions prior to:

 

  • Firefox 131.0.2
  • Firefox ESR 115.16.1
  • Firefox ESR 128.3.1
  • Thunderbird 115.16
  • Thunderbird 128.3.1
  • Thunderbird 131.0.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • Firefox 131.0.2
  • Firefox ESR 115.16.1
  • Firefox ESR 128.3.1
  • Thunderbird 115.16
  • Thunderbird 128.3.1
  • Thunderbird 131.0.1

Vulnerability Identifier


Source


Related Link