216.73.216.233

CVE-2024-9680

· Published 09/10/2024 13:15 · Modified 16/10/2024 15:07

Labels: CVE-2024-9680 2024-10-09CVE-2024-9680CWE-416[email protected]

Essential information

Published
09/10/2024 13:15
Modified
16/10/2024 15:07
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mozilla / firefox cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla / firefox esr cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozilla / firefox esr cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozilla / thunderbird cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozilla / thunderbird cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozilla / thunderbird cpe:2.3:a:mozilla:thunderbird:131.0:*:*:*:*:*:*:*

References