{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-107.pdf"
    },
    "title": "Critical Vulnerability in Firefox",
    "serial_number": "2024-107",
    "publish_date": "11-10-2024 08:08:06",
    "description": "On October 9th, 2024, the Mozilla Foundation issued a security advisory regarding a critical use-after-free vulnerability (CVE-2024-9680) in Firefox. <br>\n",
    "url_title": "2024-107",
    "content_markdown": "---    \ntitle: 'Critical Vulnerability in Firefox'\nnumber: '2024-107'\nversion: '1.0'\noriginal_date: '2024-10-09'\ndate: '2024-10-11'\n---\n\n_History:_\n\n* _11/10/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn October 9th, 2024, the Mozilla Foundation issued a security advisory regarding a critical use-after-free vulnerability (**CVE-2024-9680**) in Firefox [1]. \n\n# Technical Details\n\nThe vulnerability **CVE-2024-9680**, with a CVSS score 7.5, could allow an attacker to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. The Mozilla Foundation had reports of this vulnerability being exploited in the wild.\n\n# Affected Products\n\n- Firefox versions bellows 131.0.2\n- Firefox ESR versions bellows 115.16.1\n- Firefox ESR versions bellows 128.3.1\n\n# Recommendations\n\nCERT-EU strongly recommends upgrading to Firefox 131.0.2, Firefox ESR 115.16.1 or Firefox ESR 128.3.1\n\n# References \n\n[1] <https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/>",
    "content_html": "<p><em>History:</em></p><ul><li><em>11/10/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 9th, 2024, the Mozilla Foundation issued a security advisory regarding a critical use-after-free vulnerability (<strong>CVE-2024-9680</strong>) in Firefox [1]. </p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2024-9680</strong>, with a CVSS score 7.5, could allow an attacker to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. The Mozilla Foundation had reports of this vulnerability being exploited in the wild.</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>Firefox versions bellows 131.0.2</li><li>Firefox ESR versions bellows 115.16.1</li><li>Firefox ESR versions bellows 128.3.1</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends upgrading to Firefox 131.0.2, Firefox ESR 115.16.1 or Firefox ESR 128.3.1</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/\">https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}