Subj : Mozilla warns of critical Firefox security flaw, so patch immedia To : All From : TechnologyDaily Date : Thu Oct 10 2024 16:30:05 Mozilla warns of critical Firefox security flaw, so patch immediately Date: Thu, 10 Oct 2024 15:28:00 +0000 Description: Flaw in Mozilla Firefox is being exploited in the wild, browser maker reports. FULL STORY ====================================================================== Mozilla has just patched a major vulnerability in its Firefox browser that was apparently being abused in the wild. In a short security advisory, the company said it discovered a use-after-free vulnerability in Animation timelines. This bug, tracked as CVE-2024-9680, does not yet have a severity rating, but is being abused to achieve remote code execution (RCE), which means crooks can use it to deploy malware on vulnerable devices, and possibly even take them over, entirely. Drive-by, XSS, and more "We have had reports of this vulnerability being exploited in the wild, Mozilla said in the advisory, adding both Firefox and Firefox Extended Support Release (ESR) are vulnerable, so users are advised to patch to these versions immediately: Firefox 131.0.2 Firefox ESR 128.3.1, and Firefox ESR 115.16.1. There are currently no reports on who, or how, is exploiting this bug, but looking at similar recent issues, there are several ways the vulnerability could be abused, including a watering hole attack targeting specific websites, or a drive-by download campaign that tricks people into visiting the wrong website. Browsers are an indispensable part of every computer these days, and as such, they are basically omnipresent. This makes them an extremely popular target for cybercriminals looking for a way onto a network and into a device. Firefox, with more than 250 million monthly active users, is one of the most popular products in its category, having been downloaded more than 2 billion times globally. By hosting vulnerable code, the browser allows threat actors to conduct, among other things, drive-by download attacks. Hackers can inject malicious code into websites or ads they previously compromised. When a user visits such a site, they download malware without even realizing. Other types of attacks made possible via compromised browsers include cross-site scripting (XSS), buffer overflows, and man-in-the-middle attacks. Via The Hacker News More from TechRadar Pro More cybersecurity firms could collapse soon, experts warn Here's a list of the best firewalls today These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/mozilla-warns-of-critical-firefox-secur ity-flaw-so-patch-immediately --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .