You Should Update Firefox Now


Mozilla has released an urgent security update for the Firefox browser to address a critical vulnerability actively exploited in attacks. If you use Firefox, download the update as soon as possible.


The vulnerability, tracked as CVE-2024-9680, is a use-after-free flaw found in animation timelines. This feature of Firefox’s Web Animations API controls and synchronizes animations on web pages. ESET researcher Damien Schaeffer discovered that the vulnerability lets attackers inject malicious data into freed memory. This essentially lets them execute arbitrary code in the browser’s content process. Mozilla confirmed that there have been reports of this vulnerability being exploited in the wild, though the details on targeting and attack methods are not available. The vulnerability affects all supported versions of Firefox, including the latest standard release and extended support releases (ESR).


Mozilla has released updated versions of Firefox: Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1 with the fix. Everyone is encouraged to upgrade to these latest versions as soon as possible. You should be fine if you have automatic updates, but those who need to manually update can do it in the browser itself. Go to Settings, then Help, and finally click About Firefox. This will start the update automatically, but you’ll still need to restart the browser after it finishes.


This is the second time this year that Mozilla has had to address a zero-day vulnerability in Firefox. In March, the company released security updates for CVE-2024-29943 and CVE-2024-29944, both are critical-severity issues that were discovered and demonstrated by Manfred Paul during the Pwn2Own Vancouver 2024 hacking competition. Firefox also had a notable update for a critical fix last year. Other web browsers are also frequently finding and patching zero-day vulnerabilities, including Google Chrome, so Firefox isn’t unique when it comes to security.

Source: Mozilla via Bleeping Computer



Source link
Exit mobile version