
Mozilla Fixes Critical Zero-Day Vulnerability in Firefox

11/10/2024
By Laura Libeer

⚡ TL;DR | Go Straight to the Mozilla Firefox Vulnerability Audit Report

Mozilla released emergency security updates for Firefox and Firefox ESR in response to a critical use-after-free vulnerability. The vulnerability is already being exploited in attacks, so users are advised to update their installations as soon as possible. A successful attack can lead to remote code execution, which could in turn compromise sensitive data and systems. We have added a new report to Lansweeper to help you locate vulnerable devices.

Firefox Vulnerability CVE-2024-9680

The vulnerability tracked as CVE-2024-9680 is a use-after-free vulnerability in Animation timelines with a critical CVSS score of 9.8. An attacker could use this vulnerability to achieve code execution. Mozilla has had reports that it is already being exploited in the wild, but at the moment no details are available about how. You can read Mozilla’s advisory here.

Update Vulnerable Firefox Instances

The critical severity score and the fact that this vulnerability is already being exploited make it essential that you update any installation of Firefox and Firefox ESR as soon as possible. Mozilla fixed the issue in Firefox version 131.0.2, Firefox ESR 115.16.1, and Firefox 128.3.1.
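
The version check implied by the fixed builds above, as an added example (not Lansweeper's report or Mozilla's code). It assumes each fixed version is the minimum safe build for its major-version line and that anything else is compared against 131.0.2; the hostnames and inventory rows are constructed.

```python
import re

# Fixed builds named in the article, keyed by major-version line.
# Assumption of this example: each fix is the minimum safe build for its line.
FIXED_BY_LINE = {115: (115, 16, 1), 128: (128, 3, 1)}
FIXED_RELEASE = (131, 0, 2)


def parse_version(text):
    """Turn '115.16.0esr' or '131.0' into a 3-tuple of ints; None if unparseable."""
    m = re.match(r"\s*(\d+(?:\.\d+){0,2})", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version_text):
    """True if below the fix for its line, False if patched, None if unknown."""
    v = parse_version(version_text)
    if v is None:
        return None
    # Lines without their own fix (e.g. 116-127, 129-130) must reach 131.0.2.
    return v < FIXED_BY_LINE.get(v[0], FIXED_RELEASE)


def audit(inventory):
    """Return (host, version, status) for every host that needs attention."""
    findings = []
    for host, version in inventory:
        state = is_vulnerable(version)
        if state is None:
            findings.append((host, version, "unknown version, check manually"))
        elif state:
            findings.append((host, version, "update required"))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "131.0.2"), ("ws-002", "130.0.1"), ("ws-003", "115.16.0esr"),
    ("ws-004", "128.3.1esr"), ("ws-005", "115.16.1esr"), ("ws-006", "nightly"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Unparseable version strings are reported rather than silently treated as patched, so gaps in the inventory data stay visible.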

Discover Vulnerable Firefox and Firefox ESR Installs

We have added a new report to Lansweeper to help you find any vulnerable Firefox installations. This will give you an actionable list of devices that are still running older versions of Firefox or Firefox ESR so you can update them accordingly. You can get the report via the link below.

Mozilla Firefox Vulnerability audit report