CVE-2024-9680: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this…

CVE-2024-9680 [CRITICAL] CWE-416 Mozilla Firefox Use-After-Free Vulnerability Vulnerability: Mozilla Firefox Use-After-Free Vulnerability Affected: Mozilla Firefox Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Notes: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-9680 Remediation Due Date: 2024-11-05

CVE-2024-9680 Thunderbird vulnerability Title: Thunderbird vulnerability Summary: Thunderbird could be made to crash or run programs if it opened a specially crafted file. Damien Schaeffer discovered that Thunderbird did not properly manage certain memory operations when processing content in the Animation timelines. An attacker could potentially exploit this issue to achieve arbitrary code execution. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2024-9680 Firefox vulnerability Title: Firefox vulnerability Summary: Firefox could be made to run programs as your login if it opened a malicious website. Damien Schaeffer discovered that Firefox did not properly manage memory in the content process when handling Animation timelines, leading to a use after free vulnerability. An attacker could possibly use this issue to achieve remote code execution. Instructions: After a standard system update you need to restart Firefox to make all the necessary changes.

CVE-2024-9680 [CRITICAL] CWE-416 firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. A remote code execution vulnerability was found in Firefox and Thunderbird. The Mozilla Foundation Security Advisories state: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. Statement: The Mozilla Foundation Security Advisory indicates that this vulnerability is being exploited in the w

CVE-2024-9680 [CRITICAL] CVE-2024-9680: firefox - An attacker was able to achieve code execution in the content process by exploit... An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. Scope: local sid: resolved (fixed in 131.0.2-1)

CVE-2024-9680 [CRITICAL] Mozilla Foundation Security Advisory 2024-52: CVE-2024-9680 Mozilla Foundation Security Advisory 2024-52 CVE: CVE-2024-9680 Product: Thunderbird Impact: critical Fixed in: Thunderbird 115.16 Thunderbird 128.3.1 Thunderbird 131.0.1

CVE-2024-9680 [CRITICAL] Mozilla Foundation Security Advisory 2024-51: CVE-2024-9680 Mozilla Foundation Security Advisory 2024-51 CVE: CVE-2024-9680 Product: Firefox, Firefox ESR Impact: critical Fixed in: Firefox 131.0.2 Firefox ESR 115.16.1 Firefox ESR 128.3.1

CVE-2024-9680 [CRITICAL] CVE-2024-9680: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

CVE-2024-9680 [CRITICAL] CWE-416 GHSA-hm3j-qgpw-pj98: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, and Firefox ESR < 115.16.1.

CVE-2024-9680 [CRITICAL] CWE-416 Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. Affected: Mozilla Firefox Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Known Ransomware Campaign Use: Known Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cve.org/CVERecord?id=CVE-2024-9680; https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/; https://blog.mozilla.org/security/2024/10/11/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json

The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners Incident Investigation Add context to incidents to speed the determinations of scope and timelines Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns Why GreyNoise CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures Compromised Asset Detection Fin

CVE-2025-8088 [HIGH] Details emerge on WinRAR zero-day attacks that infected PCs with malware ## Details emerge on WinRAR zero-day attacks that infected PCs with malware ## Bill Toulas Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. RomCom (aka Storm-0978 and Tropical Scorpius) is a Russian cyberespionage threat group with a history in zero-day exploitation, including in Firefox (CVE-2024-9680, CVE-2024-49039) and Microsoft Office (CVE-2023-36884). ESET discovered that RomCom was exploiting an undocumented path traversal zero-day vulnerability in WinRAR on July 18, 2025, and notified the team behind the popular archiver tool. "Analysis of the exploit led to the discovery of the vulnerability, now assi

CVE-2024-11680 2nd December – Threat Intelligence Report Latest Publications CPR Podcast Channel AI Research Web 3.0 Security Intelligence Reports ThreatCloud AI Threat Intelligence & Research Zero Day Protection Sandblast File Analysis About Us SUBSCRIBE 2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 ## 2nd December – Threat Intelligence Report For the latest discoveries in cyber research for the week of 2nd December, please download our Threat Intelligence Bulletin . TOP ATTACKS AND BREACHES Supply chain software provider Blue Yonder was hit by a ransomware attack, disrupting services for clients like Starbucks and UK grocery chains Morrisons and Sainsbury’s. The incident affected operations such as employee scheduling and payroll processing. Blue Yonder is collaborating with cybersecurity firms to recover an

CVE-2024-9680 [HIGH] Firefox and Windows zero-days exploited by Russian RomCom hackers ## Firefox and Windows zero-days exploited by Russian RomCom hackers ## Sergiu Gatlan ​Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. The first flaw ( CVE-2024-9680 ) is a use-after-free bug in Firefox's animation timeline feature that allows code execution in the web browser's sandbox. Mozilla patched this vulnerability on October 9, 2024, one day after ESET reported it. The second zero-day exploited in this campaign is a privilege escalation flaw ( CVE-2024-49039 ) in the Windows Task Scheduler service, allowing attackers to execute code outside the Firefox sandbox. Microsoft addressed this security vulnerability earlier this month, on November 12. RomCom abused the

[CRITICAL] SolarWinds Web Help Desk flaw is now exploited in attacks ## SolarWinds Web Help Desk flaw is now exploited in attacks ## Bill Toulas CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. SolarWinds Web Help Desk is an IT help desk suite used by 300,000 customers worldwide, including government agencies, large corporations, and healthcare organizations. The SolarWinds flaw is tracked as CVE-2024-28987 and is caused by hardcoded credentials, a username of "helpdeskIntegrationUser" and password of "dev-C4F8025E7". Using these credentials, remote unauthenticated attackers could potentially access WHD endpoints and access or modify data without restriction. SolarWinds issued a hotfix four

CVE-2024-9680 [CRITICAL] Mozilla fixes Firefox zero-day actively exploited in attacks ## Mozilla fixes Firefox zero-day actively exploited in attacks ## Bill Toulas Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines. This type of flaw occurs when memory that has been freed is still used by the program, allowing malicious actors to add their own malicious data to the memory region to perform code execution. Animation timelines, part of Firefox's Web Animations API, are a mechanism that controls and synchronizes animations on web pages. "An attacker was able to achieve code execution in the content process by exploiting a

[CRITICAL] UAF in FontFaceSet::Load UAF in FontFaceSet::Load Created attachment 9487727 poc.zip # Root Cause Analysis In `FontFaceSet::Load`, `mImpl->FindMatchingFontFaces`[1] stores pointers of `FontFace` in the non-refcounted array `nsTArray faces`. This is fine as long as those `FontFace` instances are not freed in the remaining code of `FontFaceSet::Load`. Unfortunately, that's not the case here. ```cpp already_AddRefed FontFaceSet::Load(JSContext* aCx, const nsACString& aFont, const nsAString& aText, ErrorResult& aRv) { FlushUserFontSet(); nsTArray> promises; nsTArray faces; mImpl->FindMatchingFontFaces(aFont, aText, faces, aRv); // [1] if (aRv.Failed()) { return nullptr; } for (FontFace* f : faces) { RefPtr promise = f->Load(aRv); // [2], call to FontFace::Load if (aRv.Failed()) { return nullptr; } if (!promises.