FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- use-after-free code execution

Affected packages
firefox < 131.0.2,2
firefox-esr < 128.3.1,1

Details

VuXML ID 2fb13238-872d-11ef-bd1e-b42e991fc52e
Discovery 2024-10-09
Entry 2024-10-10

security@mozilla.org reports:

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.

[source]

References

CVE Name CVE-2024-9680
URL https://nvd.nist.gov/vuln/detail/CVE-2024-9680

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.