Mozilla Firefox

According to recent reports, it is patch time for Firefox users: the Mozilla Foundation has identified a bug that attackers were already exploiting in the wild. The organization has already issued a security advisory and patches for those who may be vulnerable.

Tracked as CVE-2024-9680, this is a use-after-free issue in Animation timelines, which attackers are exploiting to execute arbitrary code. It carries a CVSSv3 severity rating of 9.8 out of 10 and a low attack complexity (no privileges or user interaction are needed to exploit the flaw), which translates into high risk in the event of a successful attack.

The most worrying aspect is that the bug was already being exploited in the wild before it was discovered. It was discovered by Damien Schaeffer, a researcher at the cybersecurity firm ESET.

The severity of the vulnerability prompted the national cybersecurity centers of countries such as Canada, the Netherlands, and Italy to issue individual advisories.

Satnam Narang, a senior staff research engineer at Tenable, noted in an interview that Mozilla hasn’t provided details about the exploit. “Unfortunately, without the full context we don’t know how widespread exploitation was,” he said. “I imagine it’s not super-wide because if it was, we probably would have heard more about it. So I would err on the side of this likely being used in a limited fashion in targeted attacks.”

To mitigate this security risk, the Mozilla Foundation has recommended that users upgrade their browser to the latest available version of Firefox.

“Ignoring this update could lead to severe security breaches and data compromise within affected organizations,” researchers warned.
