Mozilla fixes critical Firefox bug exploited in the wild

Avatar

Mozilla has patched a serious security flaw in its Firefox web browser that the company said is being exploited by hackers.

In an advisory on Wednesday, Mozilla stated that the bug, tracked as CVE-2024-9680, could allow attackers to execute malicious code within the browser’s content process — an environment where web content is loaded and rendered.

The vulnerability was discovered by Damien Schaeffer, a researcher from the cybersecurity firm ESET, in the browser’s animation timelines, which control how animations are presented on web pages.

It’s a “use-after-free” flaw that occurs when a program tries to use memory that it has already released or freed. Such memory corruption bugs are typically used to attack and exploit browsers and could potentially give attackers control over the service or further access to the system.

Mozilla said it received reports of this vulnerability being exploited in the wild but did not provide further details.

The exploit requires no user interaction and can be executed over the network with low complexity. It was given a CVSS score of 9.8 out of 10, signifying a critical vulnerability, according to researchers at  Recorded Future. The Record is an editorially independent unit of Recorded Future.

To address this vulnerability, Mozilla recommends that users update their Firefox installations to the most current versions available.

“Ignoring this update could lead to severe security breaches and data compromise within affected organizations,” researchers warned.

CybercrimeNewsNews BriefsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

OpenAI disrupts 20 campaigns to misuse its tech as federal officials mull international use of AI

Next Post

DDoS attacks on Internet Archive continue after data breach impacting 31 million

Related Posts

New macOS Malware “Cthulhu Stealer” Targets Apple Users’ Data

Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been available under a malware-as-a-service (MaaS) model for $500 a month from late 2023. It's capable of
Avatar
Read More