vulnerability

Red Hat: CVE-2024-9680: firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (Multiple Advisories)

Name: Red Hat: CVE-2024-9680: firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (Multiple Advisories)
Creator: Red Hat
Published: 2024-10-09T00:00:00.000Z
Keywords: CVE, CWE-416, Red Hat, 2024, 9680, firefox, redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource, Severity 10

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Oct 9, 2024

Added

Oct 11, 2024

Modified

Mar 27, 2026

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Solutions

redhat-upgrade-firefoxredhat-upgrade-firefox-debuginforedhat-upgrade-firefox-debugsourceredhat-upgrade-firefox-x11redhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginforedhat-upgrade-thunderbird-debugsource

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report