I love Firefox, and it’s been my daily browser for years. Unfortunately, a critical vulnerability has just been discovered, so I’m writing this article to urge you to update it quickly. This flaw, identified as CVE-2024-9680, allows an attacker to take full control of your machine. Yes, you read that right…
But don’t worry: Mozilla’s teams reacted swiftly by releasing an emergency patch that you can install right away. To do this, open “About Firefox”; the browser will automatically check for and install updates. To stay secure, you need to be on one of the following versions: Firefox 131.0.2, Firefox ESR 128.3.1, or Firefox ESR 115.16.1.
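If you look after more than one machine, the version check above can be scripted. The following is an added example, not part of the original article or any Mozilla tooling: it compares version strings in the form printed by `firefox --version` against the three fixed versions listed above. The host names and inventory are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed versions as listed in the article, keyed by the ESR branch's major version.
FIXED_ESR = {
    115: (115, 16, 1),  # Firefox ESR 115.16.1
    128: (128, 3, 1),   # Firefox ESR 128.3.1
}
FIXED_RELEASE = (131, 0, 2)  # Firefox 131.0.2


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Mozilla Firefox 128.3.1esr'.

    A missing patch component counts as 0; suffixes such as 'esr' are ignored.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_patched(text):
    """True if the version is at or above the fixed version for its branch."""
    version = parse_version(text)
    # Majors 115 and 128 are compared against their ESR fix; every other
    # major (older or newer) is compared against the release fix.
    return version >= FIXED_ESR.get(version[0], FIXED_RELEASE)


def needs_update(inventory):
    """Return hosts whose Firefox is below the fixed version or unreadable."""
    flagged = []
    for host, version_text in inventory:
        try:
            if not is_patched(version_text):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unknown version: check by hand
    return flagged


# Constructed sample inventory: (host, output of `firefox --version`).
SAMPLE_INVENTORY = [
    ("laptop-01", "Mozilla Firefox 131.0.2"),
    ("laptop-02", "Mozilla Firefox 130.0.1"),
    ("kiosk-01", "Mozilla Firefox 115.16.0esr"),
    ("kiosk-02", "Mozilla Firefox 115.17.0esr"),
    ("desk-01", "Mozilla Firefox 128.3.1esr"),
    ("desk-02", "Mozilla Firefox 128.2.0esr"),
    ("desk-03", "command not found"),
]

if __name__ == "__main__":
    print("Update required on:", ", ".join(needs_update(SAMPLE_INVENTORY)))
```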
This security flaw is a “use-after-free” issue in the handling of Firefox’s animation timeline. A use-after-free occurs when a program keeps using a pointer after the memory it refers to has been freed. An attacker could exploit this “freed” space to inject malicious code.
This problem is particularly severe because it is already being actively exploited. Reports indicate that this vulnerability has been used in recent real-world attacks, making it even more critical. Vulnerabilities like this are often used in targeted attacks such as “watering hole” attacks or “drive-by download” campaigns.
In short, update Firefox as soon as possible!
And special thanks to Damien Schaeffer from ESET, who discovered and reported this flaw.