CVE-2024-9680

KEV
Published: Oct 09, 2024 Last Modified: Nov 04, 2025
CRITICAL 9.8
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description


An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

EPSS (Exploit Prediction Scoring System)


Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.

EPSS Score: 0.2463
Percentile: 1.0th

CWE-416: Use After Free

Stable
Common Consequences
Security Scopes Affected:
Integrity, Availability, Confidentiality
Potential Impacts:
Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Application

Firefox by Mozilla

Version Range Affected
To 131.0.2 (exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Firefox by Mozilla

Version Range Affected
To 115.16.1 (exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Application

Firefox by Mozilla

Version Range Affected
From 128.1.0 (inclusive)
To 128.3.1 (exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Application

Thunderbird by Mozilla

Version Range Affected
To 115.16.0 (exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Application

Thunderbird by Mozilla

Version Range Affected
From 128.0.1 (inclusive)
To 128.3.1 (exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Operating System

Debian Linux by Debian

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Application

Thunderbird by Mozilla

cpe:2.3:a:mozilla:thunderbird:131.0:*:*:*:*:*:*:*
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024…
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992
https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html
https://lists.debian.org/debian-lts-announce/2024/10/msg00006.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1923344
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039
https://www.mozilla.org/security/advisories/mfsa2024-51/
https://www.mozilla.org/security/advisories/mfsa2024-52/