CVE-2024-9680
| CVE Published | 2024-10-09 |
|---|---|
| Related CWE(s) | CWE-416: Use After Free |
| Related Vendor(s) | mozilla, debian |
| Related Product(s) | thunderbird, firefox, debian_linux |
| Exploitation Reported (CISA KEV) | 2024-10-15 |
| CVSS 3 Base Score | 9.8 (CRITICAL) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph