CVE-2024-9680

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

31.3%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Technical Details

Published
10/9/2024

Frequently Asked Questions

What is CVE-2024-9680?

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Is CVE-2024-9680 actively exploited?

Active exploitation of CVE-2024-9680 has not been confirmed. The EPSS score is 31.3%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-9680?

CVE-2024-9680 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2024-9680 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.