AI description
CVE-2024-9680 is a use-after-free vulnerability found within the Animation timelines component of Mozilla Firefox and Thunderbird. This flaw allows an attacker to achieve code execution in the content process by exploiting memory that has been freed but is still referenced. Reports indicate that this vulnerability has been actively exploited in the wild. Affected versions include Firefox before 131.0.2, Firefox ESR before 115.16.1 and 128.3.1, and Thunderbird before 131.0.1, 128.3.1, and 115.16.0. Mozilla has released updates to address this issue.
- Description: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
- Source: security@mozilla.org
- NVD status: Analyzed
- Products: firefox, thunderbird, debian_linux
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Mozilla Firefox Use-After-Free Vulnerability
- Exploit added on: Oct 15, 2024
- Exploit action due: Nov 5, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
Firefox was recently hit by CVE-2024-9680, a critical level use-after-free vulnerability, also impacting browsers like Tor and Zen. Learn how use-after-free exploits can have a major impact in real-world code. https://t.co/P8O2G7Cnsd
@babyhawkfeather
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mozilla fixes critical flaw in Firefox that allows arbitrary code execution: the vulnerability, tracked as CVE-2024-9680
@baniwa_cmd
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mozilla recently issued an emergency security patch for a critical zero-day vulnerability in Firefox, tracked as CVE-2024-9680. This flaw is classified as a "use-after-free" vulnerability, which occurs in the browser's Animation timelines Read more: https://t.co/r7fAW06gs0 https:
@AlashwasSec
37 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Hey Firefox friends: UPDATE NOW A CSS based RCE was found in firefox. 9.8/10 critical score. If you're not on 131.0.2, 128.3.1, or 115.16.1 then stop everything and update. Until you do, any page you visit will have the ability to root your PC. CVE-2024-9680
@xahferd
146 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: Firefox Zero-Day 🚨 #Mozilla warns of a critical vulnerability (CVE-2024-9680) in #Firefox/ESR, actively exploited in #cyberattacks. Rated 9.8 (CVSS), it allows arbitrary code execution. Read more from the GB Hackers team at https://t.co/v93axopipP https://t.
@cyforsecure
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 High-Risk Alert for Mozilla Firefox & Thunderbird Users! ⚠️ The Indian government has flagged a critical vulnerability (CVE-2024-9680) in Mozilla Firefox and Thunderbird, which could allow hackers to take control of your system remotely! 😱 🔑 Key Details: Affects versio
@HungamaHeadline
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The new Firefox vulnerability can also be exploited in Tor 💬 Recently an update for Firefox was released that fixed a vulnerability (CVE-2024-9680) in the browser that allowed arbitrary code execution through animations. https://t.co/f67Bcw0X1P
@hiddenlockT
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2024-9680) has been discovered in the Firefox browser. #ETX #certaz #cybersecurity #xəbərdarlıq https://t.co/J54AQjGhRR
@CERTAzerbaijan
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Regarding some confusion around the current Firefox 0day CVE-2024-9680. One of the devs @emiliocobos has clarified on a comment on @LowLevelTweets utube channel. https://t.co/OX1nsa7Tg0
@mistymntncop
3207 Impressions
0 Retweets
29 Likes
8 Bookmarks
4 Replies
0 Quotes
Mozilla urges all Firefox users to update their browsers immediately due to a critical vulnerability (CVE-2024-9680) being actively exploited. The flaw could allow attackers to take control of your system. Ensure your Firefox version is up to date to stay protected
@thelowbyte
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
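The following 4 vulnerabilities have been confirmed as exploited by ransomware. The Known Exploited Vulnerabilities catalog of the US Cybersecurity and Infrastructure Security Agency (CISA) has been updated. - Windows privilege escalation CVE-2024-49039, CVE-2024-30088 - Cy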
@__kokumoto
29 Jan 2026
2771 Impressions
6 Retweets
36 Likes
16 Bookmarks
0 Replies
0 Quotes
Happy 2026! Wrapped up an exploit against Firefox 131.0 (CVE-2024-9680) over the holidays! https://t.co/idkIJJBSlu. Shoutout to @DimitriFourny for the fantastic analysis on this bug!
@r0t0tiller
14 Jan 2026
118 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - moscovium-mc/Tor-0day-JavaScript-Exploit: CVE-2024-9680 A UAF (use-after-free) vulnerability in Animation timelines allowed to achieve code execution in the content process in order to be potentially deanonymized. https://t.co/KISRg0nVwr
@akaclandestine
4 Dec 2025
2406 Impressions
12 Retweets
37 Likes
21 Bookmarks
0 Replies
0 Quotes
https://t.co/DpN2NpnXL7 #cloudnews #クラウド This vulnerability is a use-after-free bug (a problem where freed memory is accessed) in Firefox's Animation timelines feature, and has been assigned CVE-2024-9680. Mo
@tontontonton
26 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
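Using a use-after-free vulnerability (CVE-2024-9680) and a sandbox escape/privilege escalation vulnerability (CVE-2024-49039), escalating from Low Integrity Level to SYSTEM level. While the same vulnerabilities were still zero-days, the same vulnerabilities were used via a watering hole attack on a cryptocurrency news website (Watering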
@Struggle_621
21 Jul 2025
3161 Impressions
0 Retweets
12 Likes
0 Bookmarks
0 Replies
0 Quotes
Happy April Fool's Day! For anyone looking for in-the-wild samples for CVE-2024-9680 & CVE-2024-49039 fullchain in Firefox, here is one of them(with some missing information): https://t.co/Mt9t0NFWxb
@jq0904
1 Apr 2025
2816 Impressions
5 Retweets
27 Likes
11 Bookmarks
0 Replies
0 Quotes
https://t.co/CkaZAoiZMU Zero-day vulnerability in Firefox and Windows The exploit chain recently used by the RomCom group (also known as Storm-0978) – a zero-day vulnerability in Firefox (CVE-2024-9680) and a privilege-escalation zero-day vulnerability in M…
@B2bCyber
23 Dec 2024
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Zero-day vulnerability in Firefox and Windows https://t.co/IUnoXRN4Ul The exploit chain recently used by the RomCom group (also known as Storm-0978) – a zero-day vulnerability in Firefox (CVE-2024-9680) and a privilege-escalation zero-day vulnerability …
@B2bCyber
23 Dec 2024
38 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/JxXsmCb7w8 https://t.co/TxtPcFl50p
@NickBla41002745
13 Dec 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/f42l3yqRbw https://t.co/TjBVukkrIB
@Trej0Jass
8 Dec 2024
175 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Did you know? The RomCom APT group exploited a zero-day vulnerability in Firefox (CVE-2024-9680) with a CVSS score of 9.8! This flaw allows code execution simply by visiting a malicious website—no user interaction required! Stay vigilant! #CyberThreats #ZeroDay
@RightHandTech
8 Dec 2024
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/nCSTIcMMoQ https://t.co/s4oP1QICCW
@NickBla41002745
6 Dec 2024
160 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Russian-based cybercrime group RomCom exploited two zero-day vulnerabilities targeting Firefox and Tor Browser users in Europe and North America. The first, CVE-2024-9680, is a use-after-free flaw in Firefox’s Animation Timelines feature that enables attackers to execute code
@enfoasecurity
6 Dec 2024
219 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 RomCom Group Exploits Critical Zero-Days!🚨 CVE-2024-9680 (Firefox) CVE-2024-49039 (Windows) #CyberSecurity #ZeroDay #RomComGroup #infosec https://t.co/WtjLbdLV4T
@decrypting_sec
5 Dec 2024
168 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/dKp5G0TR3P https://t.co/lzoDqvH31f
@pcasano
4 Dec 2024
22 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/lxKOiRN55s https://t.co/RphAU50zi2
@IT_Peurico
3 Dec 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/iASd6FaQgC https://t.co/pQasmud8Ez
@TechMash365
3 Dec 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A hacking group named RomCom used 2 zero-day vulnerabilities in the Firefox browser and Windows to deploy and install a backdoor without the victim needing to do anything. The identifier of these vulnerabilities is CVE-2024-9680. https://t.co/Poz3aKY03t https://t.co/7b
@AmirHossein_sec
2 Dec 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The main idea for this #threatreport: The main idea of the text is about the discovery of a critical zero-day vulnerability, CVE-2024-9680, in Mozilla products exploited by the threat group RomCom, along with their use of another zero-day vulnerability in Windows to deploy a… htt
@rst_cloud
1 Dec 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
2/11 Discover CVE-2024-9680 in @firefox 's Animation component - a critical use-after-free bug. Already patched, but were you at risk? #CyberAttack #MozillaFirefox 📈
@Eth1calHackrZ
30 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/RDNXmXNeK4 https://t.co/iSot4XacYA
@Art_Capella
29 Nov 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/T7yfIurPol https://t.co/HBPpPCNfJc
@dansantanna
29 Nov 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/mDmm3KmWob https://t.co/4T8VA9WxIo
@Trej0Jass
29 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL CYBERSECURITY ALERT 🚨 Attack detected by the Russian group RomCom using Firefox/Thunderbird: Zero-click vulnerability No interaction required Affects companies in 🇪🇸 and 🇲🇽 Installs backdoor for espionage CVE-2024-9680 / CVE-2024-49039 🧵[1/2]
@LeonelM41262107
28 Nov 2024
32 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) | 27-11-2024 Source: https://t.co/B4r38QE6R3 Key details below ↓ https://t.co/jXyrAKrhpS
@rst_cloud
28 Nov 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Re: The ITW CVE-2024-9680 exploit. I don't understand the purpose of the XSLT stuff. Doesn't really seem necessary? Or were they using it as an alloc primitive?
@mistymntncop
28 Nov 2024
2378 Impressions
2 Retweets
11 Likes
5 Bookmarks
1 Reply
0 Quotes
A research by #ESET has discovered that there have been multiple attacks using the recently reported CVE-2024-9680 and CVE-2024-49039 #vulnerabilities for #Firefox and #Windows https://t.co/dhAZiyvafK
@anemboca
27 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) https://t.co/kOi98IW9Ur #security #feedly
@go_stripe
27 Nov 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian hackers RomCom exploit Firefox and Windows zero-days: CVE-2024-9680 - Codebook https://t.co/NwlMSkSAE3 #izumino_trend
@sec_trend
27 Nov 2024
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Russian hackers exploited Firefox (CVE-2024-9680, CVSS 9.8) & Windows (CVE-2024-49039, CVSS 8.8) zero-days to run malicious code. Discovered Oct 8 by ESET. Patches: Mozilla (24hrs), Microsoft (Nov 12, KB5046612). Update now! 🔒#Cybersecurity Source: https://t.co/wvEK7p3r
@ANlKsaha
27 Nov 2024
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
RomCom (Storm-0978) exploited @firefox (CVE-2024-9680) & @Windows (CVE-2024-49039) zero-days. - CVE-2024-9680: RCE in Firefox’s content process, bypassing Tor Browser sandbox. No interaction, low complexity. - CVE-2024-49039: Code execution outside sandbox via Windows task
@cybercitizen7
27 Nov 2024
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction Delve into the details of RomCom's sophisticated cyberattack, exploiting zero-day vulnerabilities in Firefox and Windows. https://t.co/Gy6CLvJMTv
@the_yellow_fall
27 Nov 2024
1053 Impressions
8 Retweets
20 Likes
8 Bookmarks
0 Replies
0 Quotes
Russian RomCom is exploiting twin bugs #Romcom #CVE-2024-9680 #CVE-2024-49039 https://t.co/bLzDJUnt4t
@pravin_karthik
27 Nov 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Memo: For October's Firefox Animation vulnerability CVE-2024-9680, of what I've glanced at, the one below ↓ gives the most concrete picture. https://t.co/lTCXnb7VgY
@ryokutyato
26 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RomCom exploits zero-day vulnerabilities in Firefox and Windows Cybersecurity, CVE-2024-49039, CVE-2024-9680, cybercrime, Mozilla Firefox, romcom, sandbox escape, windows, zero-day https://t.co/t0HyMAHBla https://t.co/AgOwf5PbAu
@matricedigitale
26 Nov 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RCE in Mozilla and Privilege Escalation in MS Windows: New Kill Chain Used in the Wild by Threat Actor. Make sure you patch your OS and web browser now! 💻 🦊 🔥 CVE-2024-9680 (CVSS score: 9.8) Firefox CVE-2024-49039 (CVSS score: 8.8) Windows Research: https://t.co/3xL7RSfWgL h
@it4sec
26 Nov 2024
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
This blog discusses CVE-2024-9680, a vulnerability in Firefox animations that could be exploited. https://t.co/xC5mZRFTh3 #firefox #cve
@kriwarefeed
22 Nov 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-9680
@transilienceai
21 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#exploit 1. CVE-2024-9680: UaF in Firefox Animation timeline https://t.co/IRVaEaeWpj 2. CVE-2023-7261: Google Chrome Updater DosDevices LPE https://t.co/OkfCZcZkoU 3. CVE-2024-9796: WP Advanced-Search <=3.3.9 - Unauth SQLI https://t.co/nPT7YuDWuE
@ksg93rd
19 Nov 2024
153 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
The popular article for 2024-11-15 was this one. (automated tweet) #Hacker_Trends ――― Firefox Animation CVE-2024-9680 – Dimitri Fourny https://t.co/4BebsrrqQm https://t.co/3uIMvKYvQE
@motikan2010
16 Nov 2024
157 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45244B45-832B-4C4A-8004-8D13C331E52B",
            "versionEndExcluding": "115.16.1"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07E39FE8-1685-46D2-9E3E-2613F3852132",
            "versionEndExcluding": "131.0.2"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4AEB9BD-EB47-4F96-BC72-949023ACE8ED",
            "versionEndExcluding": "128.3.1",
            "versionStartIncluding": "128.1.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB9A49A0-8233-46B2-894A-FAD4DC6ED563",
            "versionEndExcluding": "115.16.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F48D7DE7-477D-4026-B6BD-BFE2BC5382F3",
            "versionEndExcluding": "128.3.1",
            "versionStartIncluding": "128.0.1"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:131.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD5E6249-26BF-4E13-87D8-B15EF63A859F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]