Skip to content

2024-107: Critical Vulnerability in Firefox

Table of Contents

On October 9th, 2024, the Mozilla Foundation issued a security advisory regarding a critical use-after-free vulnerability (CVE-2024-9680) in Firefox.


Mozilla Security Advisory on CVE-2024-9680

History

11/10/2024 --- v1.0 -- Initial publication

Summary

On October 9th, 2024, the Mozilla Foundation issued a security advisory regarding a critical use-after-free vulnerability (CVE-2024-9680) in Firefox [1].

Technical Details

The vulnerability CVE-2024-9680, with a CVSS score 7.5, could allow an attacker to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. The Mozilla Foundation had reports of this vulnerability being exploited in the wild.

Affected Products

  • Firefox versions below 131.0.2
  • Firefox ESR versions below 115.16.1
  • Firefox ESR versions below 128.3.1

Recommendations

CERT-EU strongly recommends upgrading to Firefox 131.0.2, Firefox ESR 115.16.1 or Firefox ESR 128.3.1

References


MITRE ATT&CK Matrix Analysis

MITRE ATT&CK Matrix from Advisory

Based on the advisory issued on October 9th, 2024 by the Mozilla Foundation regarding CVE-2024-9680.

Enterprise Layer

Techniques Sub-Techniques Potential Attacker Groups Mitigation Techniques
TA0001: Initial Access N/A Unspecified APT groups Update Software (M1051)
TA0009: Collection N/A Unspecified APT groups Limit Access to Resource Over Network (M1035)
TA0011: Command and Control T1132: Data Encoding Unspecified APT groups Network Intrusion Prevention (M1037)
TA0040: Impact T1499: Endpoint Denial of Service Unspecified APT groups Endpoint Security (M1047)

Mobile Layer

Techniques Sub-Techniques Potential Attacker Groups Mitigation Techniques
N/A N/A N/A N/A

ICS Layer

Techniques Sub-Techniques Potential Attacker Groups Mitigation Techniques
N/A N/A N/A N/A

Recommendations

Following the advisory, CERT-EU strongly recommends upgrading to:

  • Firefox 131.0.2
  • Firefox ESR 115.16.1
  • Firefox ESR 128.3.1

References

[1] Mozilla Foundation Security Advisory MFSA2024-51


This post was generated entirely by an AI language model. Source: CERT EU

Latest