Hackers exploit Firefox vulnerability in attacks, Mozilla urges users to download latest version

marry 10.10.2024, 13:00 PM

Mozilla has urged users to update Firefox to the latest version, warning that hackers are exploiting a critical security vulnerability affecting Firefox and the Firefox Extended Support Release (ESR). The vulnerability, tracked as CVE-2024-9680, is a bug in the Animation timeline component.

Mozilla says they have received reports that this vulnerability is being exploited in attacks.

The vulnerability was reported to the company by Damjan Šefer from the Slovak company ESET.

The problem is solved in the following web browser versions: Firefox 131.0.2, Firefox ESR 128.3.1 and Firefox ESR 115.16.1.

There are currently no details on how the vulnerability is being exploited in attacks, and no information on the identity of the attackers.

Such vulnerabilities can be exploited in several ways, either as part of a watering hole attack in which attackers use specific websites that they assume victims visit frequently, or through drive-by attacks in which users are tricked into visiting fake websites from which they will be downloaded malware.